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BSIMM takes 
step-by-step 
approach 
to security 

BY JEFF FEINMAN 

Cigital and Fortify Software have 
put together a new maturity mod- 
el, the Building Security In Matu- 
rity Model (BSIMM), to stimulate 
a cultural change when it comes 
to creating secure software. 

Representatives from Cigital 
and Fortify conducted inter- 
views and collected data from 
nine enterprise companies, such 
as Adobe, EMC, Google and 
Microsoft. The model is divided 
into 12 practices, falling under 
the categories of governance, 
intelligence, software security 
development life cycle (SSDL) 
touch points, and deployment. 

According to the BSIMM, an 
integral piece of governance 
should be everyone involved in 
creating and deploying software 
attaining a common understand- 
ing of strategy, along with direc- 
tion around security objectives. 
Proper compliance and policy 
must be in place and appropriate 
training should be given. 

To gain knowledge of poten- 
tial attacks, a software initiative 
must identify potential attackers, 
as well as document the attacks 
that have already happened and 
that caused the greatest organi- 
zational concern. The initiative 
must also provide security fea- 
tures and education on security 
and coding standards. The 
continued on page 15 ► 



Microsoft clears the path for Azure 

Cloud computing platform to arrive at end of year 




Azure will evolve rapidly, says 
Microsoft's Steven Martin. 



BY DAVID WORTHINGTON 

Microsoft is poised to deliver its 
Windows Azure Web services 
platform this year, the company 
has confirmed, and has begun 
conditioning its customers to 
understand cloud computing. 

"We are hardening the surface 
areas of the core Azure operating 
system and getting ready for 
commercial availability," said 
Steven Martin, senior director of 
developer platform product man- 
agement at Microsoft. 

Azures platform technology 
will evolve faster than Microsoft's 
traditional operating system 
release schedule, Martin said, 
adding that it will be more like a 



Web construct than a series of 
Windows milestones. The Azure 
operating system is a modified 
version of Windows Server 2008. 

Microsoft is also plugging away 
at Azure s building-block services, 
including Dynamics CRM, .NET 
services, SharePoint, SQL and 
Windows Live services. It has 
begun to cycle extra resources to 
SQL Data Services based on 
developer feedback, Martin said. 

SQL Data Services, which ana- 
lysts have compared with Ama- 
zon's SimpleDB, is being given a 
much broader focus than it had at 
the start, and it is receiving more 
relational database functionality. 

"There will be a significant 



expansion of what it looks like 
today," Martin noted. 

"Microsoft is making a good 
attempt at cloud computing, but it 
appears there is a lot left to deliv- 
er," said Denis Pombriant, manag- 
ing principal analyst of Beagle 
Research Group. He posited that 
Microsoft was rushing Azure to 
market to counter the growing 
success of Salesforce.com, not 
because it was totally ready. 

Ahead of its MIX09 confer- 
ence, Microsoft began pitching its 
customers with cloud computing 
scenarios. Martin cited an exam- 
ple of a company with applications 
that have high, short-term work- 
continued on page 20 ► 



JavaScript is recast 



in Apple's 

Objective-J offers a path to the iPhone 



image 



BY ALEX HANDY 

Objective-C has long been the 
official programming language of 
the Apple development world. 
For the last seven months, howev- 
er, 280 North, a Silicon Valley 
startup, has been trying to bring 
object-ivity to JavaScript. 

Objective-J is a strict but small- 
er superset of JavaScript, built 
entirely in JavaScript. It adds new 
features to JavaScript that are use- 
ful to GUI developers, just as 
Objective-C adds such features to 
C. Objective-J and Objective-C 



are so similar that these JavaScript 
applications can be easily convert- 
ed into iPhone applications. 

Objective-J began as the bot- 
tom of the software stack created 
by 280 North, formed two years 
ago by a trio of college friends 
after graduation. The company's 
first major release, 280 Slides, was 
a Web-based presentation pro- 
gram similar to PowerPoint that 
acted like a desktop application. 

Beneath 280 Slides was Cap- 
puccino, a library of all the need- 
ed cross-platform support and UI 
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College friends Tom Robinson, Francisco Tolmasky and Ross Boucher, from 
left, are behind Web development startup 280 North. 



elements for allowing desktop- 
like behavior in Firefox, Internet 
Explorer and Safari. Below that 
was Objective-J, which brought 
over many of the principles creat- 
ed in Next Computer's OpenStep. 



OpenStep led to Apple's cur- 
rent desktop environment, and 
Objective-J combined with Cap- 
puccino brings a similar philoso- 
phy to JavaScript. Both Objec- 
continued on page 21 ► 
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zAgile goes for open-source, integrated ALM 

Semantic framework tracks performance of tools used through dev cycle 



BY JEFF FEINMAN 

When it comes to application 
life-cycle management, zAgile 
is saying, "Tools? We don't need 
no stinkin' tools!" 

That is the calling card of 
the latest company on the ALM 
block to offer an integration bus 
that allows for third-party 
development software. Howev- 
er, zAgile solely facilitates the 
use of outside development 
software, not its own. 

Many other companies, like 
Kovair and Urbancode, have 
already embraced the idea of 
ALM 2.0 and offer a brand- 
agnostic integration framework 
for software development. 
However, with Kovair, for 
example, developers can use 
third-party requirements defin- 
ition software but also have the 
option of using Kovair's 
requirements definition tool. 

"Although we play in the 
ALM space, the problem with 
the term 'ALM' is that it brings 
along the baggage of tools, and 
we do not provide tools," said 
Andrew Lampitt, vice president 
of marketing and cofounder of 
zAgile. "We interpret ALM 2.0 
as information sharing among 
the various products, and that's 
what software information 
management means." 

zAgile provides an open- 
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Wikidsmart and zPortal are the wiki and portal GUI manifestations to display content of the information repository 
underneath. The information repository in turns contains links to the information in the source repositories. 



source semantic framework, an 
integration bus that allows tools 
and methodologies from all 
companies. It touts the notion 
of software information man- 
agement, which the company 
defines as the integration and 
management of information 
associated with all phases and 
aspects of the software engi- 
neering life cycle. The company 
gives real-time dashboards that 



track the performance of those 
tools. 

zPortal, one such real-time 
collaboration product from 
zAgile, integrates the reposito- 
ries of different tools in use and 
shows the status of different 
aspects of a developer's project. 
zComposer, meanwhile, focus- 
es on aligning the processes of 
distributed teams. 

"We don't get into the 



methodology or process reli- 
gion: Is waterfall better than 
agile methods?" Lampitt said. 
"We accommodate the process- 
es as to what the organization 
has. The one tool we do have is 
a process definition tool, where 
you capture the processes, and 
then you can instantiate your 
tools with projects correspond- 
ing to that methodology." 

In talking about the benefits 



of an open-source ALM frame- 
work, Lampitt said, "You're not 
paying anything until you've 
proven it out in your own organi- 
zation. You download it and say, 
1 know I need some integration, 
but I don't feel like putting down 
a couple hundred thousand dol- 
lars just to see if it works.' " 

zAgile was founded in 2006 
and is based in San Francisco. 
Sanjiva Nath, founder and pres- 
ident of zAgile, has been 
involved in software for over 20 
years, serving early on in his 
career as an architect of Wells 
Fargo's credit card authoriza- 
tion system. He also said he has 
a heavy background in enter- 
prise software. Nath called zAg- 
ile a "crystallization" of his expe- 
rience in software development. 

"Regardless of the environ- 
ment I was in, there was a recur- 
ring theme of people focusing 
very naively on process," he said. 

"People were always trying 
to improve process, but I felt 
there were four things that ulti- 
mately make software endeav- 
ors happen successfully: com- 
munity, knowledge, process and 
collaboration. I tried to envision 
a platform that brings all of this 
together, but not one that offers 
people a new set of tools, 
because there are 20,000 of 
them out there." I 



CLOUDBASIC opens computing 
paradigm to students, Mindy 



DBASIC? 



At the Dartmouth announcement, representatives of major cloud 
and industry players were present to pledge their support: 



BY I.B. PHOOLEN 

DARTMOUTH, N.H., APRIL 

1 — Hearkening back to the 
earliest days of computing edu- 
cation, a team of computer sci- 
entists have developed a special 
programming language to help 
students learn how to create 
mashups in the cloud. The lan- 
guage, CLOUDBASIC, was 
unveiled at Dartmouth College, 
home of the original version of 
the Beginner's All-purpose 
Symbolic Instruction Code. 

"It's been 47 years since John 
Kemeny and Thomas Kurtz 
showed off Dartmouth BASIC," 
said Sara dePragma, a graduate 
student who spearheaded the 
initiative as part of her Masters 
in Computer Education. "Heck, 
I wasn't even born then. Come 
to think of it, neither were my 
parents. Sheesh!" 



According to dePragma, the 
eight design principles of 
CLOUDBASIC are: 

1. Be so easy that total losers 
like her ditzy roommate Mindy 
could use it. 

2. Be a general-purpose pro- 
gramming language suitable to 
use as both a dessert topping 
and a floor wax. 

3. Allow advanced features 
to be added for experts (which, 
duh, would make the language 
unusable by Mindy). 

4. Be interactive using 
things called "dialog boxes." 

5. Provide clear and friendly 
error messages when a rogue 
program brings down the entire 
cloud environment. 

6. Respond quickly for small 
functinal programs, such as 
"Hello, Cloud." 

7. Not to require an under- 



standing of the cloud's hard- 
ware, unless the server is using 
an AMD processor. 

8. Shield the user from the 
cloud, because the cloud is very 
big and ethereal. 

Prof. Angus McMushroom, 
dePragma's advisor, was quick 
to insist that the use of the 
GOTO statement within 
CLOUDBASIC was not his 
idea. "It's not my idea," he 
insisted. "I just know that noth- 
ing good's going to come of it. I 
can just imagine that Ed Dijk- 
stra's turning in his grave. Just 
don't blame me, okay?" 

"I'm so delighted to see 
everyone adopting CLOUD- 
BASIC," said Dartmouth's 
dePragma. "Now, who's up for 
helping me design its debugger 
for my Ph.D. dissertation? 
Mindy?" I 



• Microsoft released the first 
Community Technology Pre- 
view of CloudBasic#.NET for 
Windows Azure and the unan- 
nounced Visual Studio Team 
System Cloud Edition 2012. 

• Sun announced that the Java 
Community Process would 
begin a JSR to develop with 
a language that's similar 
to CloudBasic#.NET, except 
incompatible in a few subtle 
ways, and which would be 
implemented in NetBeans. 

• The Eclipse Foundation is 
working hard to come up with 
a hard-to-remember acronym 
for their own CLOUDBASIC 
project, which will have OSGi 
extensions that will render 
it subtly incompatible with 
what Microsoft and Sun are 
doing. 



• Apple has released iCLOUD- 
BASIC, available in the iTunes 
App Store as a 99-cent down- 
load for the iPhone. 

• Google showed off the public 
beta of Google CLOUDBASIC 
Web Services. It is expected 
to remain in public beta for 
the next 20 years. 

• Amazon.com invited SD Times 
readers to purchase the Kin- 
dle version of "CLOUDBASIC 
for Total Losers Like Mindy" at 
a 25% discount. Use the code 
MINDYISALOSER at checkout. 

• The Free Software Founda- 
tion released an angry state- 
ment warning that it and 
the Software Freedom Law 
Center will sue any organiza- 
tion that doesn't refer to the 
language as either GNU/ 
CLOUDBASIC or as gcb. 
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Solutions for every world 

Visual Modeling for Business, IT and Systems 

Enterprise Architect from Sparx Systems redefines visual modeling 
with a huge set of built-in tools, technologies and capabilities, 
coupled with a lightweight footprint and great agility. 
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.Net, Actionscript, C, C++, C#, Java, Delphi, VB, PHP, Python, DDL, 
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RTF & HTML Documentation, MDA Transforms, and more. 
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NewsiBriefs 



, COMPANIES , 



More than 200,000 members have joined openCollabNet, an end-user 
and developer community around the CollabNet platform and Subver- 
sion. The company said that more than 20,000 members join open- 
CollabNet each month, and its website has more than 5 million month- 
ly page views. openCollabNet offers help and technical support for 
CollabNet users, along with free software downloads and libraries. 



NEW PRODUCTS 



Artisan Software has created Artisan Workbench, a collaborative 
engineering framework for deploying software for embedded systems. 
Artisan Workbench is based on an open architecture built on a multi- 
user repository, and it facilitates collaboration by enabling data to be 
directly shared and linked between integrated tools, according to the 
company. 



UPDATES 



_L 



Oracle has released Application Express 3.2, a free Web application 
development tool for Oracle Database developers. The new version 
brings a conversion feature for converting Oracle Forms-based appli- 
cations into HTML applications running in an Oracle Database, accord- 
ing to the company . . . AMD has released a new version of its ATI 
Stream SDK, adding the ability to work with multiple GPUs in a single 
program, as well as 8-bit and 16-bit integer types. ATI Stream SDK 
1.4 also integrates with Visual Studio 2008, and it offers the ability to 
do texture sampling and thread-level data sharing . . . Legacy system 
management company vLegaci has added two new features, RPG 
Code Complexity Measurement and Trace Execution Analysis, to its 
Codelyzer source-exploration software for IBM's RPG programming 
language for its System i servers. There are new complexity metrics 
for RPG code at the program and subroutine levels, according to the 
company, as well as the ability for developers to import System i trace 
data and to view it graphically . . . FarPoint Technologies, a provider of 
components for .NET and Visual Studio, added new row edit templates 
and cell types to version 4 of its FarPoint Spread for ASP.NET 
spreadsheet component for Visual Studio 2008 development. The new 
version also integrates with Office Open XML and brings a new Quick 
Start Wizard for rapid prototyping . . . AdaCore, a provider of com- 
mercial software products for the Ada programming language, has 
improved the code generation and debugging capabilities of its GNAT 
Pro Ada development environment. GNAT Pro 6.2 also offers a more 
efficient implementation of stack checks, overflow checks, validity 
checks, and features for associating pre- and post-conditions with sub- 
programs, AdaCore said . . . SpringSource has released Grails 1.1, a 
new version of its rapid Web application development framework 
based on the Groovy programming language and the Spring platform. 
The new version offers deeper integration with Spring, with standalone 
usage of Grails Object Relational Mapping within Spring. It also has 
tighter integration with Ant and Maven, bringing what the company 
said is a stronger tie with the Java ecosystem . . . Iron Speed has cre- 
ated a new page layout editor in Iron Speed Designer 6.0, its Web 2.0 
application generator for .NET. The new version has 15 new page types 
for creating applications, and developers can preview Web pages with- 
out closing Iron Speed Designer during configuration changes. 



_L 



PEOPLE 



_L 



Per Akerberg has been named president and CEO of Enea, a provider 
of software for embedded products. Akerberg started at Enea in 2004 
as president of Enea Embedded Technology, a subsidiary, and became 
COO of Enea in 2006. Prior to Enea, Akerberg was Telelogic's senior 
vice president of sales in central Europe and North America 
. . . Rebecca Flavin has been named CEO of user interface of RIA 
designer EffectiveUI; she has served as chief marketing officer of the 
company since 2006. Additionally, Peyton Lindley was named Effec- 
tiveUI's executive director of user experience design and technology, 
where he will be responsible for overseeing project management and 
guiding development teams. I 




Now you're speaking 
Eric Evans 7 language 

Author discusses use of ubiquitous 
communication to make software projects succeed 



BY ALEX HANDY 

In 2003, Eric Evans published 
the book "Domain-Driven 
Design: Tackling Complexity in 
the Heart of Software," in which 
he laid out the principles he 
believes lead to successful soft- 
ware development projects. We 
caught up with Evans to chat 
about domain-driven design 
and its place in a world already 
dominated by driven develop- 
ment of all kinds. 

SD Times: How did you come up 
with domain-driven design? 

Eric Evans: Domain-driven 
design isn't really a new thing. 
It's been one of the basic 
philosophies of software 
design for at least 20 years. It's 
evolved over that time. Until 
that book, no one had really sat 
down and systematized it. I'd 
been on a lot of interesting 
projects that seemed to fulfill 
the object model. Some were 
failures, some weren't. 

What do you do at the end 
when you say you fulfilled 
requirements? What was it you 
did that couldn't have been done 
in COBOL? I was frustrated. I 
looked across that range of pro- 
jects I'd worked on, and I real- 
ized there were certain patterns 
they followed on the more suc- 
cessful ones. There was a deep 
similarity between them. I set 
out to try to describe what that 
similarity was and how you 
could reproduce it. 

Basically, you can look back a 
long way and see that people 
thought that models were impor- 
tant. That somehow, software 
could be constructed around 
models. You look back and see 
people were saying, "The funda- 
mental challenge of our job is 
not technology. It's about the 
way we relate to the people who 
are the experts in this domain." 
What are the primary aspects of 
domain-driven design? 
I could boil it down into two or 
three basic things. The first is 
the ubiquitous language. On 
most projects, you'd have dif- 
ferent people talking in differ- 
ent languages. Your technical 
people will discuss the system 
with a certain language. They 
will describe the actual func- 



tioning of the system in the 
same way. They will have words 
for the functional entities that 
are different from the words 
used by the business people. 
Some will know the language 
the business people use, so they 
act as interpreters for the tech- 
nical people who don't know 
that language. You have a 
process broken into parts. 

The business people are 
talking to technical people in 
requirements gathering, and 
then it's written up and handed 
off in this other sort of language 
for implementation. That 
means you can never have a 
conversation about how the sys- 
tem really works. The software 
on the inside is actually nothing 
like what the business people 
are imagining it to be. 

This leads to usability prob- 
lems. Translation is never a per- 
fect thing. It also hurts estimates. 
The way estimates work is that 
the technical person says, "I have 
feature A and feature B, so it 
seems to me that feature C is a 
natural extension of A and B." 
The business person says, "No, 
no, no, that's a totally different 
thing and will take an enormous 
amount of time." When in fact, 
for the technical people, it's not 
totally different from an imple- 
mentation point of view. 

There's no communication 
there. There's no way for a non- 
technical person to anticipate 
what might be easy or what 
might be hard. Also, business 
people never propose ideas that 
might have been easy because 
it's not evident to them that 
they would be easy. 
Does that mean that something 
as simple as naming your 
libraries and classes after the 
business tables they represent? 
At the most basic level, it's nam- 
ing things the way they would 
expect. There are more subtle 
aspects. With the application 
model itself, it's a system of 
names and relationships among 
things. We share this, and when 
we talk about it, we use that 
consistent language. When we 
build the system, we stay true to 
this. If the system isn't built that 
way, we're just talking about 
some fiction. I don't mean this 



thing where people say we take 
the business language and the 
conception, and just make soft- 
ware that reflects it. 
What are the other important 
aspects of domain-driven design? 
The second element is that you 
have to bring about a creative 
collaboration between the 
domain experts and the techni- 
cal experts. It's very closely 
related and so much easier said 
than done. You'd have to start 
with an intention to do it. Some 
people are good at it and some 
are not. One of the keys to this 
is in recruitment. You have to 
hire the kind of people who are 
good at this, who are good at 
getting in a fruitful conversa- 
tion with a domain expert. 

The third aspect is what I call 
an awareness of context. Here is 
one of the areas where I kind of 
had to invent a system because 
no one had really systematized 
this. Within any given project 
there are multiple models in 
play. We try to understand them 
and map them out. What are 
the boundaries that define 
where each one applies? If you 
say pot-ay-to and I say pot-ah- 
to, that's fine, as long as we 
know where pot-ay-to is used 
and where pot-ah-to is used. 
Projects that succeed have usu- 
ally accomplished this. 

Having a language to 
describe this and. . .a terminolo- 
gy and a system serves to make 
it more reproducible. 
How does domain-driven design 
stack up to test-driven design or 
behavior-driven design? 
Well, domain-driven design is 
certainly not an alternative to 
[test-driven design] or [behavior- 
driven design]. In the last few 
years, everything has become 
something-driven design. I 
probably should have named it 
something else, only because it 
seems like these are being pro- 
posed as alternatives. 

I think there is an interesting 
case where the [behavior-driven 
design] people are actually fans 
of domain-driven design. Dan 
North [a leading proponent of 
behavior-driven design] has 
gone to lengths to get it across to 
people that these are not alter- 
natives to each other. I 



www.seapine.com/devscm 

Satisfy your quality obsession. 




• |M «| ^ 


I = 


III! Mil 1^ 

• ■ • i * t • 




possibilities 




1 



© 2009 Seapine Software, Inc. All rights reserved. 



Get More Change Management 
with Seapine Integrated SCCM 

TestTrack Pro + Surround SCM = infinite SCCM possibilities. Seapine's integrated software change and 
configuration management (SCCM) tools do much more than competing tools, and at a much lower price 
point. Start with TestTrack Pro for change management and add Surround SCM for configuration management- 
two award-winning tools that together give you the best integrated SCCM solution on the market. 

• Link issues, change requests, and other work items with source code changes. 

• Manage simple or complex change processes with flexible branching and labeling. 

• Coordinate distributed development with RSS feeds, email conversation tracking, caching proxy 
servers, change notifications, 3-way diff/merge, and other collaboration features. 

• Enforce and automate processes with incredibly flexible work item and file-level workflows. 

Built on industry-standard RDBMSs, Seapine's SCCM tools are more scalable, give you more workflow options, 
and provide more security and traceability than competing solutions. 

Get more, do more with Seapine tools. Visit www.seapine.com/devscm. 



Is- Seapine Software™ 



8 



NEWS 



Software Development Times . April 1, 2009 . 



www.sdtimes.com 



Agile On Demand designed to ease project management 



BY JEFF FEINMAN 

Serena Software is putting agile 
development into a software- 
as-a-service model with Agile 
On Demand, its agile project 
management software, made 



generally available on March 2. 
Rene Bonvanie, senior vice 
president of marketing for 
Serena, said that transforming 
the people-oriented workflow 
processes into a computerized 



setting with Agile On Demand 
was a challenge. In a usual 
agile process, he noted, even 
removing a single sticky note 
could throw everything off. 
"The No. 1 objection that 



people have against SCM tools 
in general is that it's a tool," 
Bonvanie said. "Developers 
hate tools. Anything that 
forces process or input, they 
hate. So we needed to build 



Your best source for 
software development tools! 
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LEADTOOLS Document 
Imaging v 1 6: 

by LEAD Technologies 

LEADTOOLS Document Imaging has every 
component you need to develop powerful 
image-enabled business applications including 
specialized bi-tonal image display and 
processing, document clean up, high-speed 
scanning, advanced compression (CCITT 
G3/G4, JBIG2, MRC, ABC) and more. 

• Multi-threaded OCR/ICR/OMR/ 
MICR/Barcodes (1D/2D) 

• Forms recognition/processing 

• PDF and PDF/A 

• Annotation (Image Mark-up) 
•C/C++, .NET, WPF - Win32/64 

programmers.com/lead 

Pragma Fortress SSH 

— SSH Server for Windows 

by Pragma Systems 

Contains Windows SSH & SFTP Servers. Certified 
for Windows Server 2008. Works with PowerShell. 

• Full-featured server with centralized 
& graphical management 

• GSSAPI Kerberos & NTLM authentication 

• Fastest SFTP & SCP file transfer 

• Supports over 1000 sessions 

• Runs console applications & allows history 
scroll back within the same session 

• Runs in Windows 2008/2003/Vista/XP/2000 

programmers.com/pragma 

FarPoint Spread 
for Windows Forms 

The Best Grid is a Spreadsheet. Give your users 
the look, feel, and power of Microsoft® Excel®, 
without needing Excel installed on their machines. 
Join the professional developers around the 
world who consistently turn to FarPoint Spread 
to add powerful, extendable spreadsheet solu- 
tions to their COM, ASP.NET, .NET, BizTalk Server 
and SharePoint Server applications. 

• World's #1 selling development spreadsheet 

• Read/Write native Microsoft Excel Files 

• Cross-sheet formula referencing 

• Fully extensible models 

• Royalty-free, run-time free 

programmers.com/farpoint 

SANmelody Kit v2.0 

by Datacore 

DataCore SANmelody overcomes the high 
cost barrier and complexity of traditional 
SAN storage. SANmelody converts standard 
Intel/AMD servers, blades or virtual machines 
(VMs) into fully capable storage servers that 
virtualize disks and serve them over existing 
networks to application servers. They are simple 
to operate, take only minutes to install, and 
let you cost-effectively optimize, manage and 
protect data storage and disk space. 



; dtSearch Engine for Win & .NET 

; Add dtSearch's "blazing speeds" 
(CRN Test Center) searching and 
j file format support 
• dozens of full-text and fielded 

data search options 
» file parsers/converters for hit-highlighted 

display of gjl popular file types 
» Spider supports dynamic and static web data; 

highlights hits with links, images, etc. intact 
» API supports .NET, C++, Java, SQL and more; 

new .NET Spider API 



programmers.com/datacore 
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"Bottom line: dtSearch manages a terabyte of 
text in a single index and returns results in 
less than a second. " — InfoWorld 



Single Server 

Paradise # 

D29 02101A07 

$ 949." 
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F01 0131 

$ 711." 
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c-treeACE ™ Professional 

by FairCom 

The c-treeACE database engine is a high performance 
database alternative proven by developers in mission 
critical enterprise systems, desktop deployments, and 
embedded devices for over 25 years. 

• Complete set of APIs including ADO.NET, LINQ, 
C#, C/C++, ODBC, JDBC, VCL, and dbExpress 

• Graphical productivity tools 

• Simple deployment 

• No DBA or ongoing administration 

• Low deployment licensing costs 

• Cross-platform support for all major platforms 
including Windows, UNIX, Linux, and Mac OS X 

Make your applications faster, easier to deploy, 

and more affordable with c-treeACE. programmers.com/faircom I 

Crystal Reports 2008 

by SAP BusinessObjects 

Crystal Reports 2008 is a powerful, 
dynamic, actionable reporting solution that 
helps you design, explore, visualize, and 
deliver reports via the web or embedded in 
enterprise applications. It enables end 
users to consume reports with stunning 
visualizations, conduct on report business 
modeling, and execute decisions instantly 
from the report itself-reducing dependency 
on IT and developers. 

Paradise # 
CON 11101A03 

$ 462." 

programmers.com/sap 



Orion Network 
Performance Monitor 

by Solarwinds 

Orion Network Performance Monitor is a 
comprehensive fault and network performance 
management platform that scales with the 
rapid growth of your network and expands 
with your network management needs. 
It offers out-of-the-box network-centric views 
that are designed to deliver the critical 
information network engineers need. 
Orion NPM is the easiest product of its 
kind to use and maintain, meaning you 
will spend more time actually managing 
networks, not supporting Orion NPM. 



VMware 

Lab Automation 

Bundle 

The VMware Lab Automation bundle 
helps IT administrators consolidate lab 
infrastructure, reduce storage costs and 
eliminate time-consuming provisioning 
tasks. Lab users benefit from on-demand 
access to system configurations while IT 
remains in administrative control. 
Includes VMware vCenter Lab Manager 
and VMware Infrastructure 3 for 8 CPUs, 
and vCenter Server. 

Special promotional pricing 
expires April 30, 2009. 



Paradise # 
S4A 08201 E02 

$ 4,606." 

programmers.com/solarwinds 
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TX Text Control 14 

Word Processing Components 

TX Text Control is royalty-free, 
robust and powerful word processing 
software in reusable component form. 

•. NET WinForms control for VB.NET and C# 

• ActiveX for VB6, Delphi, VBScript/HTML, ASP 

• File formats DOCX, DOC, RTF, HTML, XML, TXT 

• PDF export without additional 3rd party 
tools or printer drivers 

• Nested tables, headers & footers, text 
frames, bullets, numbered lists, multiple 
undo/redo, sections, merge fields 

• Ready-to-use toolbars and dialog boxes 



Professional Edition 

Paradise # 

T79 02101A01 

$ 919." 



Corporate Edition 

1 -4 Users 

Paradise # 

SP6 0001 

$ 182." 



programmers.com/theimagingsource 

Enterprise Architect 7.1 

Visualize, Document and 
Control Your Software Project 
by Sparx Systems 

Enterprise Architect is a comprehensive, 
integrated UML 2.1 modeling suite 
providing key benefits at each stage of 
system development. Enterprise Architect 
7.1 supports UML, SysML, BPMN and 
other open standards to analyze, design, 
test and construct reliable, well under- 
stood systems. Additional plug-ins are 
also available for Zachman Framework, 
MODAF, DoDAF and TOGAF, and to 
integrate with Eclipse and Visual Studio 
2005/2008. 

programmers.com/sparxsystems 

Virtual Iron Extended 
Enterprise Edition 

by Virtual Iron 

Virtual Iron Extended Enterprise Edition 
provides the most advanced server 
virtualization and virtual infrastructure 
management capabilities available at 
a fraction of the cost. 

• Unlimited virtual servers 

• Virtual SMP 

• Local, iSCSI, FC storage 
•VLAN 

• LiveMigration 

• LiveMaintenance 

• LiveRecovery 



Paradise # I 
V87L01 101A01 

$ 799 99 

programmers.com/virtualiron 
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something that was computer- 
ized but super simple to use 
and very intuitively usable to 
people who are used to white- 
boards." 

As a result, Serena came up 
with the virtual wall," where 
developers could switch 
between sprints and move 
requirements around. This 
wall that Agile On Demand 
provides lets developers track 
time and work statuses, allo- 
cate resources, and plan 
sprints. It provides acceptance 
test, unit test and build status 
reports. 

Agile On Demand was cre- 
ated for catering to multiple 
agile teams. "It has a tree-like 
structure, similar to like you 
would see in a Microsoft prod- 
uct," said Patchen Noelke, a 
senior product marketing man- 
ager with Serena. "You can 
organize multiple releases, 
organize team backlogs, and 
move requirements easily 
between them for planning. 
You can plan out products, 
releases and sprints." 

When asked why an agile 
team should drop a mature 
process that it has grown com- 
fortable with and might have 
been using for years for soft- 
ware such as Agile On 
Demand, Bonvanie claimed 
that tooling, including spread- 
sheets and other forms of infor- 
mation gathering, have been 
"abysmal" in agile. 

"What we see today is that 
application development is dis- 
tributed and global, and people 
want to be much more pre- 
dictable in how they build 
apps," Bonvanie said. 

"One of the reasons why 
people want to go agile is pre- 
dictability not just in app dev, 
but [also] with the business. 
Agile helps with visibility and 
predictability, but only if you 
have the right tools that allow 
that information to be proper- 
ly shared, and that was the 
theme for the software we 
released." 

Agile On Demand allows 
developers to set up RSS feeds 
and to communicate via 
instant messaging. The soft- 
ware integrates with Serena's 
Business Mashup platform 
and also offers video instruc- 
tion on common agile prac- 
tices, along with over-the- 
phone coaching from a Serena 
representative. I 
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SOA, agile debates take SD West stage 



BY ALEX HANDY 

The evolution of extreme pro- 
gramming, and the ongoing 
debate over SO As life expectan- 
cy were key themes of this year's 
SD West conference, held in 
Santa Clara last month. 

Meanwhile, James Reinders, 
chief software evangelist and 
director of software products at 
Intel, made it clear in his 
keynote that parallelism is a key 
to successful development. 

And Mike Cohn, a consultant 
with agile consulting firm 
Mountain Goat Software, gave 
an extensive talk on self-organiz- 
ing groups. Cohn contended 
that managers do not need to 
create command-and-control 
processes. Instead, he said, they 
should set goals for teams, then 
use subtle influence to push 
these teams and tweak their 
performance. 

"A lot of people feel that agile 
is about leaving the team alone," 
said Cohn. "That's not the case. 
There's a lot of things we can do 
to influence and help the 
team... As long as the control is 
subtle and indirect, control is 
not evil." 

As an example, Cohn sug- 
gested that a team that is not 
communicating well might ben- 
efit from being moved into the 
same building, or even the 
same room. He likened self- 
organizing teams to ant 
colonies: There is a queen in 
charge, but she's mostly busy 
with her own work and leaves 
the drones to accomplish their 
tasks however they see fit. 

Dave Messinger, chief archi- 
tect of TopCoder, spoke about 
the use of crowdsourcing in soft- 
ware development. TopCoder 
holds competitions among devel- 
opers to accomplish set coding 
tasks. It's part of a growing indus- 
try of crowdsourcing develop- 
ment companies, like Mob4Hire 
and uTest. Those companies are 
specifically focused on crowd- 
sourced testing, but TopCoder is 
concentrated on actual software 
generation. 

Messinger said that peer 
review is key to success on Top- 
Coder, where leading develop- 
ers are paid to review the soft- 
ware written by others on the 
site. Using those reviews and 
some behind-the-scenes algo- 
rithms, TopCoder is able to 
profile its developers and pre- 
dict which projects they might 
be suited to based on their skills 
and past performance. 



TRACKING DEVELOPMENT 

TechExcel demonstrated fea- 
tures of its upcoming DevTrack 
8.0. This issue-tracking and 
management system will bring 
Unicode support to the plat- 



form later this month. 

Paul Unterberg, an associate 
director at TechExcel, said that 
DevTrack 8.0 is designed for the 
growing number of companies 
that have overseas development 
houses. DevTrack 8.0 adds in 



Web services support for reports 
and bug tracking, allowing devel- 
opers to see statistics about their 
projects from desktop widgets. 

Electric Cloud introduced 
Version 3.0 of Electriclnsight, 
adding two new reports that can 



show root conflicts in slow 
builds and track bottlenecks 
from build time. Electriclnsight 
works with ElectricAccelerator 
to profile build issues and give 
developers a view into what hap- 
pens at compile time. I 



Intellectuals solve problems. 
Geniuses prevent them. 



Albert Einstein 
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"Solutions" that 

only identify problems 

are simply not the solution. 
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Taking software 
development on faith 

Evolving methodology gives meaning to 'plug-and-pray' 



BY I.B. PHOOLEN 

TOPEKA, KANSAS, APRIL 1 

- Speakers here at the Faith- 
Based Development Confer- 
ence have demonstrated a soft- 
ware development methodology 
based on the concept that if you 
believe your code will work 
properly it will work properly 

"All you have to do is believe, 
and we do this all the time," said 
Ebenezer Scroom, CEO of 
Faith-Based Software Develop- 
ment Inc. (FBSDI), which 
sponsored the conference. "We 
turn the car key and believe that 
our engine will start... and it 
does. We push bread down into 
the toaster and believe that toast 
will pop out. . . and it does." 

He continued, "Today, we 
write thousand of lines of C# or 
Java, click the 'Build' button and 
believe the application will exe- 
cute correctly the first time. In 
his heart of hearts, every devel- 
oper believes this! The good 



news is that if you follow the 
principles of Faith-Based 
Development, your app will 
work the first time." 

Scroom cited anecdotal 
studies that demonstrate the 
power of Faith-Based Develop- 
ment to cut costs, shorten 
development cycles, improve 
software quality, and so on. 
"These results have been vali- 
dated by industry analysts," he 
said, "who were duly impressed 
when we hired them to author 
white papers for FBSDI." 

There are four pillars of 
Faith-Based Development, ex- 
plained Scroom, all of which can 
be easily implemented by tools 
sold by FBSDI. A project begins 
with Faith-Based Modeling, 
where architects document what 
Scroom calls "Faith Cases." 
Next, Faith-Based Coding relies 
on plug-in modules for Visual 
Studio Team System and 
Eclipse. "If you have faith that 



your syntax is right, then it's 
going to be right," he said. 

The third phase is Faith- 
Based Testing. "This is perhaps 
the easiest part to learn." 
Scroom said. "Developers are 
already used to firing up their 
automated test suites, closing 
their eyes and praying. What 
we now know is that it's the 
quality of the prayer, not the 
comprehensiveness of the test 
harness, that really matters." 

Finally, he said, FBSDI's 
Faith-Based Build and Deploy- 
ment Server brings together 
the final assemblies and pushes 
them out to the data center in 
one irrevocable operation. 

"If you believe the software 
will be perfect the first time, 
there's no reason to implement 
a phased rollout," Scroom said. 
"If you have faith, you will suc- 
ceed. If not. . . well, have I men- 
tioned our professional services 
division?" I 



APRIL 1 SHORTS 



Microsoft released Windows Azure Home Edition for the growing 
number of consumers with enough desktops, laptops, netbooks, set- 
top boxes, game consoles and smartphones to create their 
own teraflop compute cloud. The software will be a direct upgrade 
from Windows Vista Ultimate with Windows Media Center . . . Tech- 
nology analyst firm Gartner has been named to a Gartner Magic 
Quadrant for its leadership in technology analysis. "This validates that 
Gartner has both the ability to execute and also the completeness of 
vision to lead in the technology analysis market," said a spokesperson 
... To the driver of the blue Toyota Camry in the back parking lot: 
Your headlights are on . . . Intel demonstrated a massively parallel 
version of its 64-bit Itanium processor, the first using Intel's 8nm 
Nebuchadnezzar architecture, which succeeds Montecito, Montvale, 
Tukwila, Poulson and Kittson. With 512 cores, peak interprocessor 
bandwidth of 12 TB/sec and peak memory bandwidth of 640 TB/sec, it 
is the fastest chip ever designed, literally decades ahead of anything 
you can do with an x86-64 processor. Analysts agree, however, that 
Nebuchadnezzar is not expected to gain many new customers for the 
slow-selling platform; nobody even showed up for the demo . . . Social 
network giants Facebook and Linkedln announced a merger. The new 
company, FacedlnBookLink, helps professionals share their most 
embarrassing college party videos with customers and prospective 
employers. Terms of the deal were not revealed, pending the merged 
company's appearance in a forthcoming Gartner Magic Quadrant 
. . . Congratulation, your EMAIL ID have won 1,820,000 GBP. winning 
No: 10 20 25 41 44 46 with a bonus 6 for LOTTO 6/49 in the just con- 
cluded draw held in United Kingdom, please contact your Agent 
. . . Big-brained computer engineers and software scientists from 154 
countries attended the Rebooting Rebooting Summit, held in San 
Francisco last month. The purpose of the summit was to put our plan- 
et's most brilliant minds onto the biggest unanswered question of our 
age: Why does it take so long for your freakin' computer to turn itself 
off when you select Shut Down from the Start menu? I 



Does your Team do more than just track bugs? 



Alexsys Team does! Alexsys Team 2 is a mull i-user Team management system that provides a 
powerful yet easy way to manage all the members of your team and their tasks - including defect 
tracking. Use Team right out of the box or tailor it to your needs. 



Track all your project tasks in one database so 
you can work together to get projects done. 



Free Trial and Single User 
FreePack™ available at 
www.atex corp.com 
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Eclipse Riena designed to mix RCP, 



BY ALEX HANDY 

When IBM originally pushed 
Eclipse out into the open-source 
world, few anticipated that the 
IDE itself would become the 
basis for an entire ecosystem of 
rich client applications. But for 
those building applications on 
top of Eclipse, a host of new 
tools should make life easier. In 
early March, Eclipse Riena hit 
version 1.0, offering RCP users a 
new way to tie Equinox into 
their applications. 

Christian Campo, project 
lead on Riena, said that Eclipse 
RCP and the OSGi-based 
Equinox work well together. 
Equinox, he said, "provides the 
component model that allows 
developers to create applications 
based on a modular architecture. 
An important feature of OSGi is 
that you can dynamically update 
and delete parts of an application 
while it is running." 

Another goal of Riena was to 
give RCP developers an easier 
way to develop user interfaces. 
"Eclipse RCP has become a pop- 
ular platform for developing 
complex business applications 
during the last few years. How- 
ever, the UI frameworks in RCP 
tend to address the power users 
and not end users. Eclipse Riena 
provides a set of UI frameworks 
that allow developers to create 
an optimized user interface for 
end users," said Campo. 

To tie these two Eclipse pro- 
jects together into a single, cohe- 
sive product, Campo and his 
team built some additions on top 
of Eclipse RCP and Equinox. 

"Riena has implemented a 
Remote Services component 
that coordinates the communica- 
tion between the Eclipse RCP 
client and Equinox server," said 
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Campo. "The Remote Services 
component provides the frame- 
works to make it easy to build 
distributed client/server OSGi- 
based applications. Riena also 
implements an Object Transac- 



tion framework that isolates the 
changes on the client before any 
communication is sent to the 
server. This improves the perfor- 
mance and efficiency of a 
client/server application and also 



allows for transaction rollback. 

"The goal of Riena is to cre- 
ate an environment where com- 
ponents can easily be moved 
between the client and a server. 
Beyond the use of Equinox, 



Riena also offers APIs for 
accessing security information 
(identity, permissions, etc.), 
sending logs and accessing local 
and remote services for the 
client and server platform." 




Get ready for... th e ' ' L If ( ) )/ \[ (J j 

Standard in Silverlight apps 

Presenting RadControls for Silverlight - the UI suite 
that brings LOB applications to the RIA world 



Complete set of UI controls for LOB applications 

RadControls offer everything to the professional Silverlight developer - from the most powerful 
Silverlight grid to stunning animated charts and gauges. All components come with 
a well-designed API that makes your development simple and fast. 



Great performance 

Handle large sets of data, even millions of records, without impacting the user experience 
thanks to the innovative LINQ-based data engine and UI virtualization capabilities in 
RadControls for Silverlight. 



Professional skins and effortless visual customization 

RadControls for Silverlight ship with a number of great-looking skins, such as Office 2007 and 
Vista that help you deliver a consistent look and feel in your Silverlight applications with zero 
effort. And in case you need more, RadControls offer skin color shifting capabilities and full 
Blend support, so you can add the necessary tweak in the blink of an eye. 



Rich data visualization capabilities 

RadControls for Silverlight empower you to create rich digital dashboards that enable 
your business customers to quickly analyze key performance indicators (KPIs) and other 
corporate data. 
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Equinox 



BUILDING WINDOWS 

In late March, Instantiations 
released its own Eclipse UI tool- 
ing update: WindowBuilder 7. 
This UI design tool received a 
host of Swing-related updates 



and a set of new APIs to allow 
users to customize widgets and 
UI components more deeply. 

Mark Johnson, vice president 
of marketing and business devel- 
opment at Instantiations, said, 



"If a customer has a big body of 
SWT or Swing code that might 
have been developed in another 
IDE, our tool can parse that 
code and reverse-engineer it into 
a design." This feature is 
designed to bring application 
interfaces created in other UI 
tools into WindowBuilder. 

Johnson said that Window- 



Builder 7 also adds support for 
Swing Databinding. He said that 
some of the work done in Win- 
dowBuilder is also helping to 
build Instantiations' next project: 
Embedded RCP. ERCP seeks to 
push Eclipse RCP into embed- 
ded and mobile environments. 
He said that ERCP is now avail- 
able as a technology preview. I 




Appistry brings 
enterprises 
to the cloud 

BY DAVID WORTHINGTON 

As more enterprises look to 
cloud computing, questions on 
how to migrate and manage 
applications off-premises arise. 
Cloud platform software maker 
Appistry has introduced a new 
product that it says will handle 
those tasks at scale. 

CloudlQ Manager was 
announced in March as an addi- 
tion to CloudlQ Platform 4.0. 
CloudlQ Manager provides a 
container that manages the life 
cycle of existing C, C + + , Java 
and .NET applications in the 
cloud, said Sam Charrington, 
vice president of product man- 
agement and marketing. 

Users create a service defini- 
tion for each of their applications 
by writing XML-based templates 
that describe how to manage the 
life cycle of an application, he 
explained. Service templates are 
supplied for common applica- 
tion types, he added. 

"People get the impression 
that cloud computing is for star- 
tups and does not scale for enter- 
prises with hundreds of applica- 
tions," said Charrington. "There 
is a gap in the market for tools to 
migrate application portfolios to 
the cloud." 

Once an application is man- 
aged by CloudlQ, it may be 
shifted between cloud environ- 
ments using a drag-and-drop 
interface; applications are man- 
aged from a single console 
across all cloud environments. 

The application container is 
infrastructure agnostic and runs 
everywhere from hypervisors in 
private clouds to commercial 
services, Charrington said. How- 
ever, applications must run on 
Linux or Windows, he noted. 

CloudlQ Managers manage- 
ment console exposes manage- 
ment features through a REST 
interface. That way, users can 
build integrations of their con- 
sole and other management sys- 
tems, Charrington said. 

CloudlQ Manager can work 
without other CloudlQ Platform 
components. It is priced at 
US$299 per CPU core per year. 

The CloudlQ Platform 
includes CloudlQ Engine, a 
framework for building cloud 
applications out of components 
for high scale and availability, 
said Charrington. I 
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Microsoft's FAT patent sows GPL confusion 

Per-unit licensing terms would be disallowed, but previous agreement was compliant 



BY DAVID WORTHINGTON 

Microsoft's current FAT file system 
licensing program could hobble the 
development and free distribution of 
GPL-licensed software, says an open- 
source legal advocate. However, licens- 
ing terms that were once published on 
Microsoft's website, which have since 
vanished, would have been compatible 
with the GPL. 

In March, Microsoft sued GPS navi- 
gation device maker TomTom for 
allegedly violating three of Microsoft's 
file-system related patents by using Lin- 
ux in its GPS devices. Linux supports the 
FAT file system and FAT Long File 
Names, which Microsoft licenses. Court 
filings revealed that Microsoft has 18 
licensees — all under non-disclosure 
agreements — for its FAT patents. 

TomTom now finds itself between a 
rock and a hard place. If TomTom con- 
tinues to use Linux without licensing the 
FAT file system, it could face legal 
penalties. However, if it does license the 
system from Microsoft, TomTom could 
find itself in violation of the GPL, under 
which the Linux kernel is licensed. 

While accepting a patent licensing 
agreement with Microsoft does not nec- 






;<RT K h hrilMi IhM^p I'imill llll ■!! 



HMtWWJ^^ ^^^^ r^^J^CTiiiW^V^^^^^^^^Ei^^^^M 



m 



■ bMfi nprnwd upon niiUpti Uihi lb tafci mditrtrnga rijdflK 



ilita tn ba ilorad on ■ Hc-pp,- diL Si>:i ;h«; irm, iha TKT Flta ■• 

onpiw b»:M>3i>;v. *nd 1c- lunhir rwf m jnd -irrxh ■:»■■ rw Ita rprtvn ItuK. 

TrtHy. IM WT FM it&a* Ttkk btttflM I hi u^iitM fomiH ulM For <itt«rtJU*4i rf iftHH HLvi££f< uci^ulfri. *«. vft« W* «***! rf 
iraipviiM. nnnnUi Hjtfn rrw-HFY, JtaE- b il w i n dqU davcn. !>■ FAT fa rywlvn n km ii^KiiKl b P i Hifa ■inity of -:-par 1*11-41 X|T*i™ 
rjnrhp an ill ilmi ol sanputv^, Trsm iwm tn flirt dfM *mMm*a. In addUarv rmny d fetal ih^La audi u rll and maw umn, »u-dn 
^■ytff^ **W fl^if R^*T"*E. Kwrffj, ^wj ;nrJj*-«^ rr*kf uw ^ HT hVf- t.^lAii tec hfHleqv 

Htn-n-l'L n ulkmu Lu kiiU lit FAT lib iy-J^n k^jFuiii^i ifri lurtiMtt] iHahrtull \iiupiA-t. Willi Hi* III inn, lHJht Lunpain him HU 
isxartunttr In ataraliniii tin TAT Flla Byatam knphmantatm n IMr product!, wd Is InpiHi Ik ifnm EMnpabtihhy mu j ranpa ol conpultag 
and cnnu^njT nl?r*Tinrir* ri#hi:#i. 

JJ yw fl.t numiu . n oWinrta b K4nM. diMM CpnuKl Our LnUHttfejei fViwir ntd UbfcfttfnQ &*wi M. FaJSEEkfen USUslLkSS* F* *1frtf 



1 ihf if rinri pnj0i,05 CVmeatliL 



Pricing and licensing 



H;<jft*Kft QlTn/3 o wrwntn:ljl F rnjHraPf . nitwit*!-* Erroi? W tfi-K 0!h*r rc*r*i|n.«. [WwK^ FAT rtlf -PMwm 

Nky«aft cffen wo -rpHifc Crpw ■* Hoarse* 

■ A kEinu tar ran-:-vakai Hid ilabi iridunumliduinbi prvtanni: In* Tada.iud- ■■ lamawci lai- mi:rf ydk. it :■* >4lcnicn TAT III 
?™«i I**"i#C. pnri W C^M^ *!* n*"0 l*<h p*cfcfm|iT«l m^^ y^ "hf W^rw-tf; ^T r. * *viJr&m krmji Rf.;^ Piy if-^ ik^rw- .5 l^=.+C 35 [yr 
^r-ti rttjh *CJP"1 IW?' nj H k;^. nf tZ?p.WIJ ««■ m*iV|.lpctgn>r. 

» A KftV4 ^j> fiU<uliil»ji>i l'' LtrUti twOu&ir mtttrtititM aMH. h-<ny (ir V'k Ik*'** n (j6K-.iS- pfe- ifi4. **■ i*Ji uF IIH hfc- "j Ivuii cF 
4iviun IWtM i<;iLVJhvj^iU.v |V4i>d ta ilc-4 -NU: ua-Llt+i Aafckl Uil w^Srii; padJCta difMl vdk» UnMiA^ cuUVr i>^lii ri4Vvri«0 
uniiu: porlibi -Iqia iudk- f-Ih-bti; part^-ki dtgfeal >^db-: puwan; pn-t«:ti cifl Lsl ^.:i:.' r dr:- p Jtffi r.hluidKfipniln; riidroiHC phmc- 
rnin-Hj «kEETDr«c mudcri ImfarurmnbLj ind miKird Mihliani. Pricng hi- thki Ibih ■. L"SI0.:S pv unrt Mth « -up or tnbil nr^lkn al 1 2IDJHH 
«r l<tfiMf-. Pr<ln^ hy ftrtifr 4f -^ 5>P« W« E4 fltoHjriaiKl ^*;h HUnjwfi. 

Nepz-kA'! Ffcl Ih iytlHrn Inrii orhkri knfi«d rtfili la wjhj And pundrg Hen:*: Ft pHMtk c-n FAT Ih i|rilani hKhrHbav, M Mkl M nghBc U 
AT iki i^bim ipHlksntn. Di onhr ba ium kibn-pjnJiltY bitvwi <3ia IkamHd mtduk ind dnkaa «rd Hex-i+iTW* 
* rnrnprtf nj #nd fn InDnjtfT ffljntlP"*' 1 ^Bfi^iW. the- Isxnw ntqMkn -\t*\ la^Kn.' TAT nk? wtfwr. fcnplfn-^rliJjnnj in 

rtH- l(tnMrf Fifdts pr.1 dp«m t^Adp- c^jnutMni nriir. opru^n n^b^n^d DOmtefv?. nf rft M<njMt F*T rtlf +>!T#rr, w<or<*r^n Tf h^p i^-w. 

:™piHT»K rta FAT F*a -Epntfn,. Nlaronft MM s+m pra-iat cdtuii n^vutn ecuth o«*a jM wt EixciF^HHK je pve al Uh lk»pchp pickup* h fearJi 

HfiBMH. 



According to this Archive.org cache, Microsoft removed licensing terms from its website in 
July 2006. These terms would have been GPL-compliant. 



essarily constitute a violation of GPL v2 
or GPL v3, some of the FAT licensees 
may have accepted per-unit terms that 
would bar them from distributing soft- 
ware under the GPL, said Eben Moglen, 
founder of the Software Freedom Law 
Center and professor of law at Columbia 
Law School. 

Under the GPL, there is an assumed 
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right to redistribute software into the 
commons. A per-unit royalty agreement 
would require licensees to track how 
many copies of GPL-licensed software 
were distributed and to whom, some- 
thing that would make downstream 
redistribution an impossibility, he said. 

"That is not freedom under the GPL 
sense," said Moglen. "Under the GPL 
license, people should be able to distrib- 
ute [into the commons] ad infinitum. If 
software is running a per-unit royalty, 
companies are not capable of distribut- 
ing under the GPL." 

Moglen couldn't say whether any of 
the 18 deals with Microsoft involve a 
GPL-violating term because the agree- 
ments are confidential. Further, any roy- 
alties paid to Microsoft at a flat rate, or 
paid up until a maximum amount (which 
does not require licensees to report to 
Microsoft about downstream distribu- 
tion or redistribution), might not violate 
the GPL, he added. 

Under the original FAT licensing 
program, pricing was US$0.25 per unit 
with a cap on total royalties of $250,000 
per manufacturer, according to what had 
been posted on Microsoft's website from 
2003 to July 2006. A Microsoft 
spokesperson could not explain why they 
were removed or whether those terms 
were applicable to the 18 agreements 
outlined in the lawsuit. 

In a statement to SD Times, David 
Kaefer, Microsoft's general manager of 
intellectual property licensing, said, 
"When we announced the FAT licensing 
program in December 2003, we indicat- 
ed that pricing would be $0.25 per unit 
up to a cap of $250,000 for devices that 
use FAT for removable memory, such as 
flash memory cards. At that time, we 
also noted that some companies may 
wish to negotiate broader or narrower 
rights than our standard license for flash 
memory type scenarios, and that pricing 



may vary. Today, our public pricing 
approach is unchanged." Kaefer did not 
say if any of those agreements were 
open-ended. 

Jeremy Allison, a cofounder of the 
open-source Samba project to extend 
Microsoft capabilities onto other plat- 
forms, said that the fixed price licensing 
that Microsoft is describing would not 
be GPL v2 compatible. 

The Linux kernel, which TomTom 
uses for its devices, is licensed under 
GPL v2. The GNU operating system 
that Linux is built out of is licensed 
under GPL v3. 

GPL v3 violations are another possi- 
bility, because under the license, soft- 
ware may not be distributed if the dis- 
tributor gives up a portion of his or her 
revenue in exchange for patent rights. 

"Everyone that made such a deal 
with Microsoft should have had good 
GPL advice and considered alterna- 
tives, such as not making the deal," said 
Moglen. "I'm not sure what people did 
or didn't do. Some companies are care- 
ful with a deep legal bench, but I'm 
sure some people got hustled [by 
Microsoft]." 

He cautioned that licensees might 
one day discover their agreements being 
publicized by Microsoft. "Microsoft is 
trying to work itself toward having a 
large number of businesses enrolled into 
taking licenses that they would be better 
off refusing. It could go public and say, 
'You too should take a license.'" 

In doing so, Microsoft is financing 
itself through patents, because the com- 
pany's software does not meet engineer- 
ing and global business requirements, 
said Moglen. 

"They want to get paid for the other 
guy's stuff while they go through the tor- 
turous process of transforming Windows 
so that it is agile," said Moglen. "Given 
Microsoft's history and structure, that 
will be a wrenching and potentially fatal 
task [to Microsoft, if it fails]." I 




Eben Moglen, founder of the SFLC, says that 
the GPL bars per-unit distribution. 
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Taking 
security 
in steps 

< continued from page 1 

BSIMM lists architecture 
analysis, code review and secu- 
rity testing as the key SSDL 
touch points. 

During deployment, soft- 
ware security professionals 
need to carry out penetration 
testing and monitor input to the 
software they run to spot 
attacks. Additionally, security 
professionals should ensure 
their ability to track unautho- 
rized changes to applications 
and to detect unauthorized 
activity, according to the 
BSIMM. 

When talking about the 
BSIMM, Cigital and Fortify 
stressed the importance of a 
strong software security group. 
An average software security 
group size should be about 1% 
of the size of the software 
development organization. 

"Every single one of the 
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nine companies that we studied 
to build the model has an active 
software security group," said 
Gary McGraw, CTO of Cigital. 
"This suggests that if you're try- 
ing to have software security in 
your organization carried out 
by the developers or network 
security, you should think 
about what successful compa- 
nies are doing." 

The BSIMM states that soft- 
ware security groups should 
emphasize security education 
and mentoring rather than polic- 
ing for security errors. It preach- 
es the use of automated code 
review and black box testing. 

McGraw said that the steps 
laid out in the BSIMM are not 
intended for software develop- 
ers. Instead, they are intended 
for people that are trying to 
teach software developers how 



Source: Cigital 

to do proper software security. 

"Whoever runs your organi- 
zation that's worried about the 
ramifications of bad software 
security and business impact, 
that's the person who needs to 
understand this work," he said. 
"It's about how to institute a 
cultural change to create, plan 
and execute a large scale soft- 
ware security initiative." 

"I don't know of any other 
instance where the range of 
companies that we're talking 
about have been willing to dis- 
cuss their security activities," 
said Brian Chess, cofounder 
and chief scientist of Fortify. 
"We can say if [that] you're not 
doing something out of this 
core set of activities, you are an 
outlier. And you need to think 
about whether that's a good 
thing or a bad thing." I 



Integrated ALM 
goes on-demand 

SaaS version of Kovair 6.0 offers 
integration bus, process engine 



BY JEFF FEINMAN 

Kovair Software is going on- 
demand in a new rollout of its 
application life-cycle manage- 
ment platform. 

Sky Basu, CTO and presi- 
dent of Kovair, said that Kovair 
6.0, expected to be released on 
March 29, offers the same 
software as its on-premise 
tool, both sharing the same 
features. The on-demand ver- 
sion will offer the company's 
ALM platform, which brings 
requirements management, 
test management and issues 
management. Additionally, 
Kovair's process engine and 
integration bus technologies 
will be available on-demand. 
Customers currently using 
Kovair's on-premise software 
will be able to switch to an on- 
demand format, Basu said. 

"If our customers have some 
concern about security, we 



know that we are very secure 
and have a physically secure 
data center," he said. 

"Still, if the customer has a 
security concern, you can do it 
on premise. But for some 
[companies] that are small 
and medium-sized, they don't 
want the hassle of having 
[their] own server, and they 
might not have the IT people 
to install and manage those 
things." 

Basu added that some orga- 
nizations might benefit from 
starting on demand to try 
Kovair's software, and eventual- 
ly migrate to an on-premise 
installation. Both versions use 
the same browser-based inter- 
face, which has been 
redesigned in Kovair 6.0 for 
easier navigation. It now uses 
AJAX, and its custom forms 
tabs have been replaced by col- 
lapsible windows. I 
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Don't Forget Your Documentation 

Doc-To-Help® Enterprise enables developers and technical 
writers to author in Doc-To-Help's XML-based editor, 
Microsoft Word or HTML (or use existing documents) and 
publish to the Web, Help systems, or printed manuals with a 
single click. Extras include team authoring support, 
Microsoft Sandcastle integration, and a tool for embedding 
dynamic Help in .NET applications. 

All this comes in one box! Imagine having one application that serves 
all your documentation needs. 



He 


1 


P'200 



DOWNLOAD THE TRIAL AT: WWW.doctohelp.com 



ComponentOtie* 







E A D T O O L S 

ePrintS 



DOC 




mull 



Create any document from any application.. 

Increase Productivity! 



LEADTOOLS ePrint® is the total solution for businesses 
needing fast, reliable PDF, DOC, JPG, TIFF, HTML (and 140+ 
more fomats) creation and conversion, giving users flexible 
options to save, print, email, or combine their files. 

ePrint leads the way in print capture and file conversion utilities, 
offering a full featured solution for the professional user, while 
maintaining its ease of use for those only needing to save to PDF 
or simple file conversion. 

Perfect for today's fast-paced office environment, ePrint can 
convert your documents, save the file to your computer or 
SharePoint, print to multiple printers around the office and email 
the file all at the same time! 

Go to eprintdriver.com for more information or to download your 
free evaluation today. 

www.eprintdriver.com (800) 637-1835 



The Best Technical Training for 




Attend 



"Highly recommended." 

— Gayle Ormsby, Information Architect, 
Neighborhood Credit Union 



^11^ 



*t\ 



SPTechCon 

The SharePoint 
Technology Conference 



June 22-24, 2009 -» Boston 



Hyatt Regency Cambridge 
Cambridge, MA 

■ New to SharePoint? 
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"I think the event was great— not only did I 
enjoy it, I really do feel like it helped us 
'discover' many tactics, possibilities and 
uses of SharePoint that we probably 
wouldn't have hit otherwise." 

—Jon Oien, Sr. Software Engineer, eREI 



SPTechCon features a heavy slate of classes to teach how to 
take full advantage of SharePoint, from business intelligence 
tools to reporting and much more. 

Learn best practices for managing a SharePoint environment 
and integrating it with other systems to unleash the full power 
of the software ... and your company! 

SPTechCon offers a deep dive into the architecture and 
provides practical classes on such SharePoint-centric features 
as Web Parts, lists and pages. 

Learn how to create applications for SharePoint that solve 
real business problems, and also see what kind of third-party 
applications have already been created to run on top 
of SharePoint. 




"Great! Well planned, the 
classes were great for my 
organization's needs." 

— Uka Udeh, IT Specialist, DDOT 



For more information, 



"Whether you are new to SharePoint or an 
expert, SPTechCon provides necessary 
information to do your job better." 

—Bill Tuccio, Systems Engineer, TYBRIN 
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"Go! You will gather knowledge 
and find great new tips you 
didn't know existed!" 

—Tom Ficker, Specialist, Portland General Electric 
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The technical classes and workshops at SPTechCon are focused on 
practical techniques and practices you can put to work today! 

Bring a group of developers, IT pros and business teams to 
improve your whole organization's skills - and get a discount 
to boot! Contact us for group registration discounts! 



A Take only the classes that work best for you. With more than 
50 classes and workshops to choose from, you can make 
SPTechCon your own! 



Find the best third-party tools and meet informally with the experts 
in our exhibit hall! 

Learn from the brightest minds in the SharePoint universe! 

Most of our speakers either are Microsoft engineers or have achieved 

MVP status based on their in-depth knowledge of SharePoint. 

There's a shortage of SharePoint experts! Develop your skills 
and improve your own professional standing! 
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Atlassian's Bamboo shoots builds to the cloud 



Continuous integration server connects to Amazon Web Services 



BY ALEX HANDY 

For developers working under 
tight deadlines, having a cloud 
system chip in with its own pro- 
cessing power would be a great 



help. To this end, Atlassian 
announced in March that its 
continuous integration server, 
Bamboo, can link with Amazon 
Web Services. Bamboo can now 



push build queues into the 
Amazon cloud, taking advan- 
tage of the horsepower avail- 
able therein. 

To acknowledge this new 



use case for Amazon Web Ser- 
vices, Atlassian has rechris- 
tened Bamboo as Elastic Bam- 
boo. Ken Olofsen, product 
marketing manager for devel- 
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oper tools at Atlassian, said that 
Elastic Bamboo can help save 
time for teams working uagainst 
the clock. Toward the end of a 
release cycle, he said, build 
queues can stretch out beyond 
the norms, forcing developers 
and testers to sit around waiting 
for their binaries. 

Existing Bamboo customers 
will see Elastic Bamboo come 
down the pipe as version 2.2. 
The base price for the software 
is still US$1,200, said Olofsen. 

In addition to purchasing a 
Bamboo license, users will also 
have to open their own Amazon 
Web Services account. 

Because Elastic Bamboo 
uses Amazon's Elastic Com- 
pute Cloud to process those 
builds, teams can cut down 
wait times in a crunch, said 
Olofsen. He didn't have any 
numbers yet on time savings, 
even though the internal teams 
at JIRA are now using Elastic 
Bamboo for their own builds. 
But he did say that teams 
building a development envi- 
ronment from scratch will be 
the most likely to benefit. 

"I think one of the big value 
propositions is for smaller teams 
who have a hard time procuring 
servers. They're going to see 
value and scale instantly," said 
Olofsen. He stated that opening 
an Amazon Web Services 
account on a company credit 
card is faster and cheaper than 
going through the enterprise 
bureaucracy of procuring new 
servers. 

For now, the Elastic Bam- 
boo cloud can only handle a 
Fedora virtual machine, mixed 
with JDK 6, and coordinated 
with Ant or Maven. Olofsen 
said that, in the future, there 
will be other build environ- 
ments available and that 
Atlassian could construct new 
virtual machines for use with 
Elastic Bamboo on customer 
request. 

It remains to be seen if Elas- 
tic Bamboo can bring cloud 
computing into the build 
process, however. Olofsen 
admitted that build times are 
heavily dependent on the type 
of project being built. 

"The tricky thing is that, 
depending on the cost of your 
existing hardware and the 
range of pricing on Amazon," 
the cost and money savings can 
be subjective, said Olofsen. 
Still, he remained confident 
that teams with severe short- 
ages of build hardware would 
find Amazon's clouds warm 
and comforting. I 
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Sowing the seeds of performance monitoring 

dynaTrace launches portal containing open-source plug-ins compatible with OSGi 3.0 



BY DAVID WORTHINGTON 

David is using open source to 
take on Goliath. In late Febru- 
ary, dynaTrace Software, a Java 
and .NET performance solu- 
tion maker, launched a commu- 
nity portal where customers can 
share plug-ins. 

The portal also includes doc- 
umentation and best practices, 
code samples, a knowledge base, 
and technology tutorials and 
training. However, the open- 
source plug-ins are the "big sto- 
ry," said Eric Senunas, senior 
director of marketing and com- 
munications at dynaTrace. 

The plug-ins are built to the 
OSGi 3.0 specification, which 
provides a component model 
for the Java Virtual Machine to 
make Java more modular. The 
plug-ins work with the dyna- 
Trace 3.0 server, which was 
released earlier in February. 

dynaTrace 3.0 includes 
Eclipse-based tooling for devel- 
oping plug-ins and a deployment 
architecture for installing com- 
ponents locally or across geo- 
graphically distributed systems. 

Some plug-ins are perfor- 
mance monitors, sending alerts 
when thresholds are exceeded, 
while others are task sched- 
ulers, said senior performance 
architect Andreas Grabner. 

While the plug-ins are 
licensed under the BSD license, 
the server product remains pro- 
prietary, Senunas noted. 

"The strategy is to augment 
the complementary products 
without using resources that are 
developing the core product," 
said Jean-Pierre Garbani, a For- 
rester Research vice president. 
"In technology adoption, one of 
the obstacles to overcome is the 
need for these complementary 
inputs that, given the diversity of 
the market, are too numerous to 
be all developed and qualified 
by the core team." 

He explained that dynaTrace 
is accomplishing two things by 
seeding open-source plug-ins: 
creating a framework that 
removes the need for comple- 
ments; and using the integra- 
tions to sell its core product 
without incurring the cost of 
actually developing them. Hav- 
ing a community that can share 
plug-ins also removes an obsta- 
cle to adoption, he said. 

"I see this approach as 
spreading more and more 



among the small vendors as a together in partnerships," Gar- have adopted a similar strategy. "Customers want to get rid of 

way to effectively compete bani observed. Other licensed Open-source plug-ins will commercial monitoring ven- 

against the larger ones, espe- software vendors, including help dynaTrace customers do dors. It is less expensive using 

cially if the small vendors pool Klocwork, NetlQ and Tideway, more with less, said Senunas. open source." I 
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Microsoft clears path for Azure 



< continued from page 1 

loads using capacity on demand 
to lower maintenance costs 
when the applications were idle. 
While it is introducing cloud- 
based scenarios, the company 
offers little guidance through 



developer-focused reference 
applications. Martin said that 
Microsoft's Live Meeting Web 
conferencing service was using 
components of Azure services, 
and that more of Microsoft's 
Web-based offerings would use 



Azure as their infrastructure. 

"Reference applications pro- 
vide a set of guidelines to aid the 
developers as they build and 
deploy applications," said Mar- 
tin. "Over the course of the com- 
ing months, Microsoft will share 



more information about refer- 
ence applications in an effort to 
demonstrate the benefits of the 
Azure Services Platform.' 

When asked which Microsoft 
customers were developing 
applications for Azure, Martin 
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cited Epicor, Micro Focus and 
S3Edge as examples — which 
were previously given in the fall. 

Epicor is creating an ERP 
system on Azure. Micro Focus 
has created a service that exe- 
cutes COBOL applications in 
the cloud. S3Edge is building 
an RFID-based inventory recall 
system. 

To assist more customers 
onto the Azure platform, the 
company's patterns and practices 
group will deliver recommended 
best practices on cloud utiliza- 
tion and data storage concepts 
later this year, said Martin. 

Enterprise governance is also 
on the radar. Microsoft has 
begun talking to customers 
about how application portability 
will affect compliance with regu- 
lation and privacy policies, said 
Martin. Visual Studio will let 
developers decide whether to 
deploy applications on premise, 
in the cloud, or both. 

The company is consulting 
with its customers and will dis- 
close what service-level agree- 
ments will be offered near the 
end of the year. The SLAs may 
be based on the demands of an 
application, Martin said. "We 
might have tiers of SLAs... Cus- 
tomers just want a high degree of 
availability, replications, distribu- 
tion and fault tolerance drafted 
into a system." 

SLAs may be of importance 
to developers because Azure 
components can comprise com- 
posite applications. Azure will 
be interoperable with other 
cloud services through Internet 
standards, and developers may 
choose to use services on an a la 
carte basis, said Microsoft's cor- 
porate vice president Robert 
Wahbe in October. 

A metadata model will help 
SO A governance vendors cre- 
ate supplementary products for 
managing Azure services, said 
Martin. "Tracking metadata will 
be associated with a service 
from the point of origin; devel- 
opers that consume a service as 
part of an application will have 
a high level of visibility." 

"The company is making 
most of the right sounds around 
the platform," said Beagle's 
Pombriant. "However, at the 
moment it looks like Microsoft 
will be the odd person out. 

"Salesforce.com, Amazon, 
Google, Facebook and others 
have all been careful to enable 
integration across their plat- 
forms. I'm not sure Microsoft 
will do the same as many of 
these companies are direct 
competitors/ 
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Objective-J pushes apps to iPhone 



< continued from page 1 

tive-J and Cappuccino are open 
source, but 280 Slides and 280 
North's next project, a Web- 
application creation IDE called 
Atlas, are closed source. 

The team at 280 North is only 
beginning to talk about Atlas and 
has not yet set a release date for 
it. They have produced a video 
demonstrating the technology 
for creating GUI elements with- 
in the browser. 

Tom Robinson, a member of 
the 280 North development 
team, said that his coworkers 
always enjoyed programming 
for Apple's systems. That's why 
they built Objective-J in Objec- 
tive-C's image. 

"Objective-J . . . adds the 
same sort of things [as Objec- 
tive-C]: Classical inheri- 
tance., .full classes. . .super class 
methods, and all that sort of 
thing," said Robinson. 

"Another thing JavaScript is 
lacking is [the ability to] import 
code easily. Typically, Web 
developers add a script tag to 
import the things they need. 
That's hard to scale if you have 
a large number of dependen- 
cies. Objective-J adds an import 
statement that automatically 
pulls in the dependencies." 

BACKWARD AND FORWARD 

Objective-J is also backwards 
compatible with regular Java- 
Script, said Robinson. "It actual- 
ly preprocesses the Objective-J 
using a preprocessor that's writ- 
ten in JavaScript. It fetches the 
code through XML HTTP 
requests, and at runtime it con- 
verts it to pure JavaScript and 
runs that," he said. 

Jonathan Berger, a software 
developer building a new project 
on top of Objective-J, is secretive 
about his company's work. But 
he's not secretive about his love 
for Objective-J. Berger is unaffil- 
iated with 280 North, but he 
already feels that Objective-J is 
ready for prime time. 

"I used to be an intern at 
Apple... so I'm pretty familiar 
with Objective-C," said Berger. 
"Apple spent a lot of time con- 
structing Objective-C to give it 
certain properties and [to] make 
sure it could work with windows, 
arrays and all the things you 
need to do graphical interface 
programming. Objective-J does 
that for the Web." 

Aside from interning at 
Apple, Berger studied computer 



science at Stanford, then worked 
for three years at Google, serving 
as product manager for Google 
Checkout and Google product 
search. His startup was founded 
three months ago. 



Perhaps the most enticing 
aspect of Objective-J for his 
startup is the path it offers to the 
iPhone. Objective-J code, he 
said, can be converted to Objec- 
tive-C, meaning a Web applica- 



tion can be ported to the iPhone. 
"They've made the syntax of 
Objective-J identical to Objec- 
tive-C," said Berger. "With 
some minor changes, you're 
able to port applications over to 



Objective-C." 

Robinson insists that Objec- 
tive-J is still a work in progress, 
and it is lacking in documenta- 
tion for now. 

"We have a number of tuto- 
rials and blog posts and various 
things on the website. We could 
definitely use a lot more," said 
Robinson. I 
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Building out with 
SQLServer 2008 

New capabilities save time for developers 
and improve database performance 









BY DAVID WORTHINGTON 

SQL Server 2008 has been credited 
for its markedly better scalability 
and performance, but it also 
has an assortment of capa- 
bilities that fundamentally 
change how enterprise devel- 
opers interact with the database. 

Microsoft made several changes to 
SQL Server from version 2005, ranging 
from the introduction of new develop- 
er tools to fulfilling long-sought devel- 
oper requests in coding, tools, 
management and perfor- 
mance monitoring. 

Among the added 
capabilities is a new 
merge operator in Visual 
Studio 2008, a "great con 
cept" that has been needed for 
years, said Chris Menegay, a prin- 
cipal consultant for Notion Solutions 
and a Microsoft regional director (rec- 
ognized by Microsoft's Developer Plat- 
form evangelism group for technical 
expertise). 

Merge can join a data source with a 
target table or view, then perform mul- 
tiple actions (insert, update, delete) 
against the target based on the results 
of that join, according to Microsoft 
TechNet. 

"The merge command can do in one 
line of code what would have taken 10 
before," when they would have had to 
write multiple CASE statements, said 
Tim Huckaby, CEO of InterKnowlogy, 
a .NET solutions provider. "From a 
plumbing perspective, merge changes 
how to do all of our updates." 

Menegay said that programming 
managers should be certain that merge 
is supported in their code generation 
tools and unit tests before they adopt it. 
"It is a core change to how people inter- 
act with the database, and managers 
should stop people from doing it until 
continued on page 24 ► 
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< continued from page 23 

everyone on the team does it." 

Huckaby was less cautionary, stating 
that while merge makes programming 
easier, developers will not go back and 
refactor or remove old code that works 
just because Microsoft released a new 
feature. "In my opinion, it would be 
used for new applications," he said. 

He added that merge would be par- 
ticularly useful for business intelligence 
and data warehouses for pulling data 
from a transaction database for storage. 

Another one of the most welcomed 
changes is the inclusion of a data type for 
storing dates, said Menegay. "[SQL Serv- 
er] 2005 made doing internationalization 
more difficult. You used to have to parse 
out everything that you did," he said. 

"There was nothing like formatting 
a date from SQL in C#," Huckaby 
remarked. 

Microsoft also added a hierarchical 
data type that eases query building by 
eliminating confusing recursion functions, 
said Menegay. He also praised Visual Stu- 
dio's new data-value change-auditing 
capabilities, which he says will help devel- 
opers examine transactional history. 

"Management might want an applica- 
tion to take notice when someone 
changes the value from a time clock," he 
explained. 



'Of all the teams at Redmond, 
this is one that has its act 
together. Upgrading is a 
no-brainer; there's nothing 
racy about it-just do it. ' 



— Tim Huckaby, 
CEO of Interknowlogy 
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Another change that could ease things 
for developers is the inclusion of Intel- 
liSense code completion in SQL Servers 
Management Studio, said Bob Erickson, 
executive vice president of Interlink Tech- 
nologies, a fully owned subsidiary of 
Mediterranean Shipping, which has been 
featured by Microsoft in SQL case stud- 
ies. "It saves remembering the syntax of 
data schemas and code," he explained. 

TOOLING UP 

Microsoft has also made it simpler for 
enterprises to follow agile development 
processes without worrying about data- 
base design, said Huckaby. "Language 
Integrated Query allows developers to 
query the database themselves without 
having to worry about... database people. 
They [Microsoft] also have the 
ADO.NET Entity Framework," which is 
an "amazing way" to map data, he added. 
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Likewise, Visual Studio 2008 makes it 
easier for developers who aren't data- 
base professionals to model a database 
without ever touching SQL Server, 
Huckaby noted, adding that databases 
do not design themselves. 

"Microsoft is doing a darn good job 
giving application developers plumbing 
and tools, but it still takes design," he 
said. "Scrum and Agile work so well 
because people are forced to talk and 
design as a group, as opposed to gurus in 
each camp meeting in the middle." 

Likewise, integration with Windows 
APIs may benefit some developers. SQL 
Server 2008 includes a feature called 
Filestream that allows developers to take 
unstructured data stored on NTFS -for- 
matted drives in Windows systems but 
reference it in the database, Huckaby 
said. That makes it easier for developers 
to maintain applications because the data 
lives in one place, he explained. 

"Nowadays, Web applications with 
pictures and streaming media typically 
have relational data stored in SQL Serv- 
er and movies stored on streaming 
media servers. SQL Server 2008 puts it 
all in one database," said Huckaby. 

CHANGING MANAGEMENT 

In the same vein, users no longer have to 
manage SQL servers separately from each 
other. "Customers have had to perform 
management, synchronize and patch 
servers one by one," said Patrick Hynds, 
president of security consultancy Critical- 
Sites and a Microsoft regional director. 

"There is now a policy-based man- 
agement system that people will benefit 
from if they look into [it]. It treats SQL 
servers as a single entity," he explained. 

Configuration servers make it possi- 
ble for developers to execute queries 
against a set of servers by creating 
groupings, Erickson added. "It's one of 
the top out-of-the-box features." 

Additionally, clustering servers has 
become more straightforward, Hynds 
said. Previous editions of SQL Server 
had problems when there were differ- 
ences between environments, whereas 
SQL Server 2008 checks for differences, 
he explained. 

"You could survive with clusters 
before, but clustering is matured now 
and easier to live with," and with time, 
"clustering will become less the domain 
of specific experts," Hynds said. 

Enterprises will also benefit from a 



new activity monitor in SQL Server's 
Management Studio that provides at-a- 
glance views of performance issues, said 
Erickson. "They can see the most expen- 
sive queries running, get a picture of 
resources, and then start planning action 
to correct the problem." A resource gov- 
ernor also balances resource allocation. 

Performance collection helps devel- 
opers understand which queries are tak- 
ing the longest, added Hynds. 

Erickson noted that there is a "sleep- 
er" feature in SQL Server 2008 called 
extended events. While extended events 
does not have a user interface, adminis- 
trators can still write scripts with event 
triggers to use it to capture detailed 
information from the engine with little 
performance impact, he said. 

"SQL's trace features create a perfor- 
mance problem and can cause a heavy 
load. Events at the engine level have an 
impact that is not even noticeable, even 
at the call stack," he said. 

Other management features that could 
give SQL users immediate benefits are 
backup and table compression, said 
Erickson. Compression saves "tremen- 
dous" disk space and speeds up backups 
and restores, he said. "Backups that are 
running on a 2005 systems and restored 
on 2008 even run faster," he noted. 

More complete data encryption has 
made SQL Server 2008 more compliant 
to the Health Insurance Portability and 
Accountability Act, Hynds said. "If 
someone stole a disk, the files and data- 
base are encrypted. I bet the average 
developer doesn't know [about it]." 

SCALING UP 

Although SQL Server 2008's developer- 
oriented features are compelling, they 
pale in comparison to the markedly bet- 
ter scalability and performance that it 
offers, said Huckaby. 

Its performance increase is especially 
heavy in business intelligence analysis ser- 
vices, said Erickson. "The processing of 
cubes runs a lot faster. It more intelligent- 
ly deals with cells in terms of processing, 
and that translates to faster performance." 

"SQL Server has had a reputation for 
productivity and [being] easy to use," 
said Hynds. "Now it offers scale, perfor- 
mance and maintainability. That is the 
key to being more competitive." 

"Of all of the teams at Redmond, this 
is one of the teams that has its act togeth- 
er," said Huckaby. "Upgrading is a no- 
brainer; there is nothing racy about it — 
just do it," he said. He also noted that 
customers that have enterprise licensing 
agreements own version 2008 already. 

Erickson recommends that enterprises 
ease into an upgrade by starting with a test 
server that, for instance, keeps compati- 
bility with SQL Server 2005. Once devel- 
opers verify that their full applications are 
working, they should turn on 2008 mode 
and see if it still works, he said. I 
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FROM THE EDITORS 

Programmers against 
sloppy security 

No honest software developer sets out to write insecure software. 
Every architect, every programmer, every tester sincerely believes 
that the code is solid, bug- free and safe. 

Of course, we know better, because systems and applications are not 
secure. Sometimes the architects design is flawed. Sometimes the pro- 
grammer makes assumptions that prove to be false, or forgets to check a 
buffer or return value. Sometimes a typo creates a vulnerability. Some- 
times the testers fail to imagine the creativity of an attack. And sometimes 
the vulnerability is caused by a dependency that nobody understood. 

Consultants and security tools providers, like the folks at Cigital and 
Fortify, are right to continue focusing on this issue. They're right to offer 
training and products that can help architects design more secure soft- 
ware, help programmers write more secure software, and help testers spot 
vulnerabilities that the architects and programmers missed. 

To the array of security-awareness tools, we now have the new Build- 
ing Security In Maturity Model. This initiative has two goals: one spoken, 
one understood. The spoken goal is to raise awareness. The unspoken 
goal, of course, is to get those companies more clients and software sales. 

The "Building Security In" phrase, in particular, is one that Cigital 
CEO Gary McGraw has used as a book title and as the topic of numerous 
lectures and keynotes. It's a good message, one that needs to be heard. 

There are two basic approaches to software security. One is to get soft- 
ware developers to write and deploy more secure software. That's a nev- 
er-ending battle, akin to preventing automobile accidents by getting dri- 
vers to be more careful. Education can help, but just as no amount of 
driver's ed will prevent cars from smashing into each other, no amount of 
developer training will eradicate all software security defects. 

The second approach is to count on tools to protect us from the effects 
of insecure software. That's where enterprise IT tends to focus, as it 
keeps on buying more firewalls, a spam filter, a virus scanner or a source- 
code analyzer. That too is a never-ending battle, similar to buying cars 
with more and more airbags, anti-lock brakes, traction control systems, 
lane-change warnings, backup cameras and so on. These IT security 
products surely help, but there's no way they will catch everything that 
sloppy programmers and malicious hackers toss at the data center. 

So, yes, we support every effort keep awareness high. Think of Cigital 
and Fortify as key players in the "Programmers Against Sloppy Security" 
movement (analogous to Mothers Against Drunk Driving), as they keep 
us focused on a crisis that, sadly, we never see going away. 

Buzzword-driven development 

Model-driven development. Test-driven development. Database-dri- 
ven development. Now there's Domain-Driven Development 
(and, with a wink, Faith-Based Development, see page 11). Are we liv- 
ing in an age of buzzword-driven development? What do all these 
methodologies mean? Don't they conflict with each other? 

Without sparking a religious war, it's our belief that many software 
development organizations tend to follow the methodology that's 
preached by their most recent consultant — or the keynote speaker at the 
conference that their manager just attended. 

The reality is that many of these methodologies only appear to be differ- 
ent, and when you dive deeper, you find that they can all lead you to the 
Promised Land. It is very much like the story about the blind men examin- 
ing an elephant: The same animal looks very different if you're touching the 
wrinkled trunk, the fast-moving tail, the big floppy ears or the smooth tusks. 

All of these apects of the elephant are real, and all of those development 
methodologies are valid and can work. So, pick the one that seems right to 
you (or to your consultant, or to your boss' keynote speaker). The impor- 
tant thing is to succed at whichever methodology you adopt. I 
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I BELIEVE IN THE ENDOWMENT 
EFFECT. That's an economic hypothesis 
that says that people place a higher val- 
ue on things they already possess, com- 
pared to its nominal value if they didn't 
already possess it. 

Imagine you have a 2005 Toyota 
Camry, and someone offered to swap it 
outright for a 2007 Camry. Would you 
do it? You'd be getting a more valuable 
car. The answer? Probably not. 

We grow attached to what we have, 
and there are many reasons why we 
resist change. One reason is that we 
want to minimize risk. We already know 
our car and have come to terms with its 
quirks and defects. Even though the 
newer car is more valuable, it might 
have defects. 

Another is 
that we are 
invested in our 
decisions. We 
rationalize why 
the 2005 car is a "better" car, or that 
monetary value doesn't matter because 
we weren't looking to sell our car in the 
first place. 

Sometimes the Endowment Effect has 
a downside. Consider the choice of tool 
platforms, deployment targets, program- 
ming languages, reusable component 
suites, methodologies, even service 
providers. We have an emotional and 
financial investment in what we're using. 
We've spent time learning and training. 
We've justified to ourselves (and our 
teams, partners and managers) that we've 
made the very best choices, and we're 
going to stick with what we've got. 

Technology evolves. The best choices 
for our business two or five years ago 
may still be the best choices today. But 
then again, they might not be. 

All too often we decline to evaluate 
new choices, insisting, "We did our eval- 
uation, we made up our mind and we're 
sticking with it." That's fine when it 
comes to personal possessions. In a busi- 
ness context, we should be more open- 
minded. Perhaps we like our older car — 
or our familiar tool chain — and it could 
be uncomfortable to change in the short 
term. But maybe a different one might 
be a better choice. — Alan Zeichick 

SOMETIMES FEAR IS the best moti- 
vator — in this case, fear of lawsuits from 
the European Union. Windows 7 is 
going to allow users to de-select Win- 
dows components that Microsoft had 
previously fought tooth and nail to keep 
in the OS. The shortlist includes Inter- 
net Explorer, Windows Media Player, 
Windows DVD Maker, the Windows 
Gadget Platform, and the XPS viewer. 

It is worth noting that Microsoft is 
just removing the IE executable, while 
the guts of IE are still impossibly inter- 
twined with other Windows components. 
It is doubtful that the company has 



changed its middleware bundling philos- 
ophy. Microsoft intends to ship Windows 
7 in the September/October timeframe; 
any later, and it would be a bust. 

As I first reported at Technologizer, 
the company has contingency plans for a 
secondary ship date in the event that the 
EU takes action. That date is January — 
mirroring the Vista launch, and missing 
the holiday shopping season. It would 
behoove Microsoft to bend over back- 
wards to avoid any unnecessary legal 
complications. In my opinion, the latter 
ship date would be bad news for the 
entire industry. — David Worthington 

HERE'S A MESSAGE IN BINARY: 

011110010110111101110101001000000110110101110101 

011100110111010000100000011001110110111100100 

0000111010001101111001000000111010001101000 

01100101001000000100101001100101011010100111 

010101101110011001010010000001101001011011100 

11100110111010001101001011101000111010101110100 

01100101001011100010000001100110011100100110 

01010110010100100000011011010110000101110011 

01101111011011100111001100100000011100100111010 

10110111000100000011101000110100001100101001 

00000011000110110111101110101011011100111010001 

110010011110010010111000100000010000110110111 

101101100011011000110010101100011011101000010 

0000011000010110110001101100001000000110110 

00110111101110011011101000010000001110011011011 

110110001101101011011100110010000001100001011 

0111001100100001000000111001001100101011000 

1101111001011000110110110001100101011001000010 

0000011100110110100001101111011001010110110001 

10000101100011011001010111001100101110 

Translation? "You must go to the 
Jejune Institute. Freemasons run the 
country. Collect all lost socks and recy- 
cled shoelaces." Happy April Fools Day! 
— Alex Handy 

"FIRST OF ALL, the Bay Area isn't 
America," Andi Gutmans said with a 
laugh. 

The new CEO of PHP company 
Zend hails from Switzerland and Israel, 
and he quickly brushed off the notion 
that there are any real cultural differ- 
ences between those countries and Cal- 
ifornia, where he lives now. Since the 
Bay Area has many different ethnicities, 
getting acclimated was no problem at all 
for Gutmans when he moved to the 
United States four years ago. 

I'm in New York, 
and it would be accu- 
rate to say that the 
borough of Queens 
has the same amount 
of diversity. Queens 
is full of different cultures and ethnic 
groups. Between Flushing, Jackson 
Heights, Astoria and many other villages 
in the borough, you might as well be 
traveling across the globe with all the 
different people you see. 

So I guess the East Coast isn't really 
America, either. Or maybe that's exactly 
what America is . — Jeff Feinman 
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IT security: apathy or ignorance? 



The world has a serious problem when 
it comes to IT security. In two words: 
It sucks. Critical IT systems, including 
national infrastructure, are built on soft- 
ware that is known to be hopelessly filled 
with vulnerabilities. We spend billions try- 
ing to patch and filter our way to security, 
but the hackers are always a step ahead. 
There are so many holes, it is downright 
child's play to find a way in. 

The daily reports of hacked 
credit cards are almost comical. 
However, a concerted attack by 
determined, well-funded, tech- 
nologically sophisticated adver- 
saries to take down our power 
grid or air-traffic control system 
wouldn't be funny at all. As 
President Obama recently stat- 
ed, "It's no secret that terrorists 
could use our computer net- 
works to deal us a crippling blow." 

Why aren't people more upset about 
(the lack of) cyber security? Sure, the 
economy is in shambles, but it has 
become clear from TARP and the stim- 
ulus bill that the best we can do is trial 
and error and patiently wait for the ill- 
ness to run its course. 

However, when it comes to computer 
security, there is a known cure. Compa- 
nies can create secure software by follow- 
ing a process that prevents vulnerabili- 
ties. It is done all the time in aircraft and 
in certain military and intelligence sys- 
tems. But the enterprise software world 
will not do it this way. There simply hasn't 
been a strong enough incentive for it. 

The dilemma is exacerbated by the 
common practice, from otherwise rep- 
utable companies, of making misleading 
statements about the security of their 
products. A naive public puts its crown 
jewels under the control of software and 
systems that can't even keep a smart 
teenager out, let alone a nation state that 
puts its best Ph.D.s on the problem. 

In 2008, VMware announced its 
hypervisor's certification to Common Cri- 
teria EAL 4+. The announcement 
included the claim of suitability for "sen- 
sitive government computing environ- 
ments that demand the strictest security." 
Three days later, severe vulnerabilities in 
these products were posted to the U.S. 
Computer Emergency Readiness Team's 
National Vulnerability Database. Among 
other pitfalls, the vulnerabilities "allow 
guest operating system users to execute 
arbitrary code." 

Doesn't this equivocation make peo- 
ple angry? Are we so desensitized to 
insecure software that no one thought to 
write an op-ed piece taking VMware to 
task on this EAL 4+ drivel? The media 
reports daily about the hacks, intrusions 
and data losses, but software vendors are 
rarely called out. 

When a security hole was recently dis- 
covered in Google's Android software, the 
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only person to cry foul was an engineer. 
Ed Burnette, writing a column titled 
"Worst. Bug. Ever." on ZDNet, reports 
that Google was almost flippant: "The rea- 
son why we consider it a large security 
issue is because root access on the device 
breaks our application sandbox." 

Another example is General Dynam- 
ics' Trusted Virtual Environment (TVE), a 
platform that uses SE Linux as 
its "trusted computing base," 
and makes claims of "high 
robustness" and a "quantum 
leap in the way military and 
government security levels are 
accessed." Yet TVE has not 
achieved a high robustness 
^ certification. Vulnerabilities in 
SE Linux have been found 
(check the National Vulnera- 
bility Database). According to 
the NSA, SE Linux has included "no work 
focused upon increasing the assurance of 
Linux itself," and SE Linux is "very unlike- 
ly by itself to meet any interesting defini- 
tion of secure system." 

Even the big-name security vendors 
are guilty. On the front page of McAfee's 
website is the promise of "uncompro- 
mised protection," along with "McAfee 
Network Security Platform Aces Covet- 
ed IPS Test." 

The National Vulnerability Database 
has posted approximately 60 flaws in 
McAfee software, including one that 
could be exploited using any type of net- 
work traffic scanned by a McAfee prod- 
uct. What McAfee doesn't mention is 
the sad reality that anti-malware vendors 
are fighting a battle that cannot be won. 
Information Security Magazine per- 
formed a test of 8,114 malware specimens 



against seven different anti-malware ven- 
dor products. The best performing prod- 
uct was unable to detect 8%, or approxi- 
mately 640, of the specimens. If a black 
hatter's favorite Trojan is countered, he 
just writes a new one. Steve Hanna, co- 
chair of the Trusted Computing Group, 
said, "We cannot patch our way to a solu- 
tion to our security problems." 

Modern security claims are like the 
leeches, charms and humors of medieval 
medicine. Can IT managers and con- 
sumers alike raise the ignorance of Mid- 
dle-Age patients? 

Don't get me wrong: I have a tremen- 
dous respect for Google, Microsoft, 
VMware and others. They have advanced 
society with astounding capabilities and 
functionality. But these companies have 
let us down when it comes to security. 

To create software that is secure, a 
high-robustness development process 
must be followed from the start. High 
robustness implies a level of rigor in 
design, testing and formal analysis that is 
alien to enterprise software houses. High 
robustness also requires a steadfast appli- 
cation of the core security engineering 
principles of least privilege, complexity 
minimization, and componentization. 

People are demanding a solution to 
the economic mess. Why aren't they 
demanding a solution to the security 
mess? Now that there is proof that it is 
practical to create and deploy certified 
high-robustness solutions, it's time to hold 
software providers to a higher standard. I 

David Kleidermacher is CTO of Green 
Hills Software, which sells operating sys- 
tems that compete against Linux and Win- 
dows, based on security certifications. 



Wireless expected 
to remain strong 



DATA WATCH 



The vast majority of developers are expecting wireless application development to either 
remain the same or increase throughout this year, according to figures released by 
Evans Data. Evans surveyed over 400 wireless developers for their report. 




94% of corporate 
developers expect the 
development of wireless 
enterprise applications to 
either increase or stay the 
same this year. 

6% of developers expect 
development efforts to 
decrease. 




40% of wireless 
development projects 
take three to six 
months to complete. 

60% are 

completed in less 
than six months. 



When selecting wireless platforms, 
40% more developers plan 
to target Windows Mobile 

than Apple's iPhone. 



46% plan to target .NET 

more than Google's Android 
platform. 



Source: Evans Data Survey 
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Save $200 

on Conference registration! 
Register by April 22 at 

java.sun.com/javaone 



The JavaOne™ conference brings together developers, technology enthusiasts, 
and industry luminaries from around the world. It's your chance to learn, 
grow, and network with the vast— and growing— technology community. 

This year's JavaOne conference offers even more opportunity to grow your 
language skills. You can: 

• Understand all that's new with Java™ Platform, Standard Edition (Java SE 
platform) as it revitalizes Java technology on the desktop and continues 
to expand into all manner of embedded devices 

• Find out how )ava Platform, Enterprise Edition ()ava EE platform) 

has evolved to meet the extreme needs of startups, Web infrastructure 
providers, and the enterprise 

• See new tools and techniques for developing Web-oriented RESTful and 
WS-* services 

• Learn how to create security solutions leveraging open-source identity 
services 

• Connect with developers from more than 70 countries, and hear from 
expert speakers 

• Choose from a wide variety of targeted tracks, labs, and BOFs 

• Get tips and best practices from Java Rock Stars, creators, and evangelists 

• Experience JavaFX™, RIAs, and other groundbreaking technologies- 
hands-on in our Pavilion 

Nowadays money's tight. That's why it's more important than ever to attend 
the one conference that delivers everything you want to see, learn, and 
experience— all under one big roof. And that's the JavaOne conference. 



Save Your Spot-Register Today! 

By the way, check out CommunityOne, Sun's conference on open-source 
innovation and implementation, colocated with the JavaOne conference. 
developers.sun.com/events/communityone 
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wSun 

microsystems 



Cosponsored by 



Lgft Sony 



Ericsson 



© 2009. All rights reserved. Sun, Sun Microsystems, the Sun logo, Java, JavaFX, and )avaOne are trademarks 
or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the United States and other countries. 
Information subject to change without notice. 
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Recognizing DSL opportunities 



In my last column, I said that develop- 
ing a domain-specific language (DSL) 
is only occasionally a good solution for a 
development team. The tools of 
Microsoft's Oslo project, while impres- 
sive, can hardly achieve the declared 
objective of order-of- magnitude reduc- 
tions in development time and cost if 
they are only deployed on an ancillary 
problem every few years. 

On the other hand, if a language-based 
component can be used in the very core 
of an application, then all development 
will gain an advantage. It's vital, then, to 
understand what a language-based toolkit 
does, and does not, produce. 

Let's start with the bad news: The 
result of writing a parser is an XML docu- 
ment. You have a tree-like data structure 
with a root and some branches and leaves 
that are filled with a combination of type 
information and data ("This node is a tele- 
phone area code. Its value is 415."). Tech- 
nically, this structure is called an abstract 
syntax tree (AST), and the data structure 
is not really an XML document. But in the 
end, an AST is nothing that you couldn't 
put together with XMLSpy, or cobble 
together with an InfoPath or Web form. 

Hopefully, you would laugh in the face 
of someone who came to you and said, 
"We could solve this business problem by 



using XML!" So, too, should you consider 
carefully the proposition of solving a prob- 
lem with a DSL. You can take a stream of 
data (such as a text file) and transform it 
into a tree that reflects its logical structure 
(an address block whose parent is the 
billing address, an address block whose 
parent is the shipping address, etc.). 

Transforming a stream into 
a hierarchy, then using the 
skills we've developed for 
working with XML to map that 
into a database or object mod- 
el, may be an extraordinarily 
powerful solution to a thorny 
problem. More often, though, 
it's not uniquely valuable; we 
now have form painters that 
can rapidly develop screens 
that implicitly structure user 
input. The tools are highly productive, 
end users are used to forms, and a form 
painter is faster at developing a rigid hier- 
archy than any parser generator. 

Form painters are great for rigid gram- 
mars: An order always has one or more 
line items, always has one billing address, 
may have a shipping address, etc. The 
relationships between the types are large- 
ly static, with straightforward multiplici- 
ties and sequencing ("Error: A required 
field is missing. Please enter the data and 




press 'Next Step' to continue..."). 

One big sign of parser potential is the 
combination of easily defined tokens and 
smaller elements with flexible sequencing 
or context-dependent relationships. The 
"Hello world" of parser generators is a cal- 
culator that handles "1 + 2 * (3 - 4)" prop- 
erly. Numbers, operators and white space 
are easy to define, but the 
rules of mathematical prece- 
dence make sequencing a little 
more complex. 

Another example might be 
a parser for a legacy main- 
frame report, where the 
interpretation of "a number 
in columns 20-25" requires 
knowing if you're in a part 
description, an address block 
or a page header. 
Why am I going on about data and not 
talking about symbol tables and expres- 
sions and "language stuff? The lexer and 
parser are just the front end. The back- 
end interpretation or code generation is 
where much of the real action takes place. 
For one thing, Microsoft hasn't yet 
revealed the back-end components of 
Oslo (although Oslo and the Dynamic 
Language Runtime look like the towers of 
a suspension bridge that are just waiting 
to be strung together). For another, you 



Larry 
O'Brien 



still don't have anything magical: just a 
tree-like data structure akin to an XML 
document that you traverse, doing some- 
thing based on your current node. 

It's harder to reason correctly about 
both data and behavior than about just 
data, especially if your scope creeps and 
you find yourself creating a general-pur- 
pose language. A practical challenge is 
that refactoring a grammar tends to break 
a lot of tests and code unless you've done 
a great job maintaining a clean sequence 
of transformations and traversals. 

I suspect that the best tactic for DSLs 
is to look for (as they say) "the smallest 
important domain that could possibly 
work." Do not try to design the next C# 
unless you're the next Anders Hejlsberg. 
Do not try to design a rule-based language 
to allow executives to code the rules of 
your supply chain without a programmer. 
Do not create a grammar that models 
your enterprise. Rather, seek something 
close to the heart of your work (so that 
your investment will have leverage over 
time) that has context, sequencing or rela- 
tionship complexities, but also has a small 
and concrete set of atomic tokens (or, at 
least, simple grammatical molecules). 

Such opportunities may not be as 
common as we wish, but when they 
arise, the success can be enormous. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing, net. 



Qt: suddenly resurgent 



For many years, the Qt toolkit has been 
the best GUI toolkit available on the 
market. Better than the Java client 
libraries (Swing and SWT), better than 
Microsoft's libraries, better than the excel- 
lent third-party component libraries for 
.NET, and superior even to Apple's Car- 
bon and Cocoa GUI frameworks. As to 
OSS products, such as GTK or wxWid- 
gets, there is no comparison whatsoever. 

What makes Qt so demonstrably 
superior are the scope of the library, the 
quality of implementation and its porta- 
bility. I'll get into each of these attribut- 
es shortly. But for the moment, I want to 
discuss the product's perceived limita- 
tions and some recent developments 
that are of interest. 

Historically, the two biggest knocks on 
Qt were its price and the fact that it's writ- 
ten in C++. Of these, price was the prin- 
cipal obstacle to wider adoption. When 
the product was owned by Trolltech, its 
original designer, Qt was dual-licensed: a 
for-pay license, which charged under 
US$2,000 per platform per developer 
seat, and a free open-source (GPL) ver- 
sion on Linux. In the Linux world, from 
where Qt sprang originally, it is the toolk- 
it used in KDE, one of Linux's two prima- 
ry desktops. In 2007, Trolltech began to 
loosen licensing by providing an OSS ver- 
sion for Windows. Like the Linux version, 



the Windows OSS license was GPL. 

Then Trolltech was acquired by hand- 
set-maker Nokia in early 2008 (primarily 
for the embedded version of Qt, called 
Qtopia). Many pundits were concerned 
that Nokia would simply absorb the tech- 
nology for internal use and no longer pro- 
vide upgrades to the larger community. 
This fear turned out to be unfounded, as 
Nokia has done just the oppo- 
site. It has brought out new 
versions of the library and, just 
recently, announced that it was 
enhancing the licensing model. 

In addition to the GPL ver- 
sion, Qt has just begun ship- 
ping a version licensed under 
the LGPL, which is a far more 
user- friendly license. Nokia 
will continue to provide a for- 
pay license for companies that 
want unrestricted use of the technology 
and paid tech support. The new licensing 
should further anchor Qt as the library of 
choice among developers. 

As to the limitation that the choice of 
C++ represents, Trolltech released a 
Java version called Qt Jambi. This prod- 
uct, which is being discontinued (but 
open-sourced), was a Java wrapper 
around the C + + library, using JNI for 
the interface between the two. In addi- 
tion to Qt Jambi, bindings for PHP, 
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Ruby and Python are currently available 
from other parties. 

Qt is well-liked for several reasons. 
Portability, for example, extends to Win- 
dows, Linux and Mac OS X — all three for 
32- and 64-bit versions — plus Windows 
CE, embedded Linux and Symbian. 
That's more than any other GUI toolkit. 
Breadth of offering is a second major 
advantage. Not only does Qt 
cover all the components of 
GUIs, it also adds libraries that 
abstract away platform differ- 
ences for other computing 
needs such as memory alloca- 
tors, files, threads, sockets and 
network connections, collec- 
tions, strings, text, fonts, XML 
and XSLT, and so forth. Con- 
sequently, Qt apps are far 
more portable than equivalent 
code that runs with GUI-only libraries. 

Because of these extensive capabili- 
ties, Qt can bundle substantial compo- 
nents not available in other libraries. For 
example, it includes its own embeddable 
HTML display unit that supports HTML 
5 features, such as zooming and CSS- 
based animations. It offers Netscape 
plug-in API compatibility so that you can 
incorporate Flash content into Qt apps. 
It has its own built-in ECMAScript 
engine. And it recently began adding 



document support for various formats, 
such as SVG, PDF and OOD. 

As to the GUI portion, the extensive 
support for rich text, 3D graphics 
(notably OpenGL, but with support for 
native platform graphics if preferred) 
and imaging are especially notable. And 
the system ships with, in my estimation, 
the easiest-to-use GUI design tool avail- 
able on any platform. Arguably, Matisse 
from Sun is competitive. 

The final advantage is quality of 
implementation. You simply cannot tell 
whether any given widget is native or 
not. Of course, on Linux desktops, the 
widgets are inherently native if they're 
running on KDE. On Windows, where I 
have mostly used Qt, I have not once 
been betrayed by errant behavior. 

I have discussed earlier versions of 
Qt in this column and have reviewed 
some releases for Info World. With each 
new version, I continue to be impressed 
by how the product has stayed true to its 
quality commitment while greatly 
expanding its capabilities. The latter is 
particularly impressive in the light of 
how well Qt has hewn to its original sim- 
ple syntax and simple API. 

It's one of the few demonstrably supe- 
rior development tools by my estimates. 
And with the new LPGL license, it is now 
available at no cost to all developers. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
binstock. hlogspot. com. 
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Measuring connectedness 



Industry Watch 



Connection strength. Clustering coef- 
ficient. In-between-ness. 

These were some of the terms I was 
introduced to during a recent talk with 
Lawrence Liu, ex of Microsoft's Share- 
Point team and now with social analytics 
provider Telligent. I found the notion of 
social analytics to be intriguing, and I 
wanted to get Liu's definition of the 
term and how it would be 
applicable in an enterprise. 

Simply put, social analytics 
is a way to analyze the interac- 
tions and activities within an 
environment. Whereas Web 
analytics provides insight into 
what's happening with a web- 
site and its content, social ana- 
lytics gives a picture of the 
amount of engagement a user 
has rather than being about 
page views or content consumption. 

Further, social media analytics can 
tell an organization how many people 
are commenting on or rating its con- 
tent. Social network analytics, on the 
other hand, can tell the organization 
how its people are connected to each 
other and to the outside world. 

While one would have to comb the 
entire Internet to get a picture of an indi- 
vidual's connections — a friend of a friend 
of a friend on Facebook, for example, or a 
fourth-degree connection on Linkedln — 
there is more opportunity to mine mean- 
ingful information on an intranet. 

An organization could see, for exam- 
ple, whom its workers go to, how often 
and with what result, for collaboration, 
coaching or simply as a sounding board. 
The value of these connections can also 
be measured, Liu said. "Outlook knows 
we've had a meeting scheduled. If the call 




was made, it should be indicated. It 
would appear as a spike in our connection 
strength," he explained. 

Analytics can show how people work 
together and use the information to cre- 
ate more effective teams. You can see 
clusters of people — usually project 
teams — and how the individuals act 
with each other and with other clusters 
of people. That's the cluster- 
ing coefficient. 

Then there's "in-between- 
ness." Social graphs can show 
whether a person is a bridge 
between clusters or if the per- 
son is an "attractor" of others. 
Based on all these factors, Liu 
said, such things as internal 
job transfers become less sub- 
jective and interview-based, 
and instead are driven by hard 
data. "It means people can't just [B.S.] any 
longer," Liu said. "Instead, it's, 'Based on 
all three factors, here are three people 
you should be connecting with.' " 

There are some privacy issues that 
must be dealt with, he cautioned. People 
will give up some degree of privacy as 
long as they gain some benefit from their 



perceived private data being analyzed, 
such as more targeted marketing mes- 
sages, or having that information be used 
by some company software to find others 
in the same job at other sites or even oth- 
er companies. Of course, when these 
people leave their jobs, they will want 
their information destroyed or able to be 
taken with them to their next position. 

"Employees are becoming more like 
contractors. If they share knowledge, it 
helps them learn more," Liu said. 
"There's a part of that they can take. But 
using company resources and time to 
make social connections is controversial, 
even if the connections are more profes- 
sional in nature." 

SharePoint, Liu said, is ripe for some- 
thing like this. He indicated that the 
SharePoint 14 release, coming next year, 
is addressing some needs in this area. 
And companies, such as Telligent and 
NewsGator, are also working to hone 
their usage products for the platform. 

"SharePoint has struggled in the 
social analytics area. Companies feel like 
SharePoint is becoming a black hole of 
content," Liu said. "There's a lot of work 
to do in these areas, but the potential is 
great." I 

David Rubinstein is editor-in-chief of 
SD Times. 
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Complex event processing software companies Aleri and Coral8 
merged, combining their product lines for what executives called a 
comprehensive software suite for developing real-time analytics 
and intelligence. The combined product line also brings analytics of 
live data sets delivered with online analytical processing software, 
Coral8 executives said . . . Web-based engineering company 
dezineforce secured a second round of Series A funding for £1.8 
million. Investors included IQ Capital Partners, DN Capital and 
dezineforce board members, dezineforce offers an "engineering 
design optimization" service over the Internet and on a subscrip- 
tion basis, company executives said. The funding will be used to 
grow the company and address vertical markets . . . Data integra- 
tion software provider Informatica signed a definitive agreement 
to acquire Applimation, a provider of application data manage- 
ment software. Informatica executives said the acquisition will 
expand its market and advance the company's leadership in data 
integration . . . Application infrastructure software provider 
Progress Software named Robert Stowsky as director of its finan- 
cial services sector. Stowsky has 20 years of experience in the 
financial services industry and is a member of the Securities Indus- 
try and Financial Markets Association Asset Managers Forum 



Derivatives Operations Committee. Prior to Progress, he co-found- 
ed Brook Path Partners, a consulting firm focused on process 
automation. With Progress, Stowsky will try to grow the company's 
product lines in the financial services industry . . . Cloud comput- 
ing firm Skytap has closed a US$7 million Series B funding round 
from Ignition Partners, Madrona Venture Group and WRF Capi- 
tal. Company executives said that the funds will be used to improve 
the development of Skytap's cloud-based virtualization software. 

EARNINGS: Mobile device software provider Intrinsyc Software 

reported revenues of US$24.7 million for the full year 2008, as 
compared to $17.6 million for 2007. Fourth-quarter 2008 revenue 
was $5.7 million, in comparison to $5.3 million for the same period 
in 2007. Revenue from the company's software solutions increased 
to 43% of all revenues in the quarter compared to 10% in the same 
quarter a year before . . . Wind River Systems reported revenues 
for its fourth quarter ending Jan. 31 of US$88.4 million, up from 
$84.3 million over the previous year. The company's net loss 
widened to $4.4 million from a net loss of $2 million in the same 
period a year before. Company executives said they expect yearly 
revenue of US$374 million in 2009. 1 



EVENTS CALENDAR 



MySQL Conference 
and Expo 

Santa Clara 
O'REILLY MEDIA 

www.mysqlconf.com 



April 20-23 



RSA Conference 

San Francisco 
RSA 

365.rsaconference.com 



April 20-24 



RailsConf 

Las Vegas 
O'REILLY MEDIA 

en.oreilly.com/rails2009 



May 4-7 



Micro Focus World 

Dallas 
MICRO FOCUS 

www.microfocusworld.com 



May 11-13 



Microsoft TechEd May 11-15 

Los Angeles 
MICROSOFT 

www.microsoft.com/events/teched2009 

Interop Las Vegas May 17-21 

Las Vegas 
TECHWEB 

www.interop.com/lasvegas 

IBM Rational May31-June4 

Software Developer Conf. 

Orlando 
IBM 

www-01.ibm.com/software/rational/rsdc 



JavaOne 

San Francisco 

SUN MICROSYSTEMS 

java.sun.com/javaone 



June 2-5 



HP Software Universe 

Las Vegas 
HEWLETT-PACKARD 

www.hpsoftwareuniverse2009.com 



June 16-18 



iPhone Developer Summit June 22 

New York 
SYS-C0N 

www.iphonedevsummit.com 



S0A World Conference 
SExpo 

New York 
SYS-C0N 

www.soaworld2009.com 



June 22-23 



AJAXWorld RIA 
Conference & Expo 

New York 
SYS-C0N 

ajaxworld.com 



June 22-23 



SOAWorld 
Conference & Expo 

New York 
SYN-C0N 

soaworld2009.com 



June 22-23 



SPTechCon Boston 

Boston 
BZ MEDIA 

sptechcon.com 



June 22-24 



Microsoft Worldwide 
Partner Conference 

New Orleans 
MICROSOFT 

partner.microsoft.com/40018508 



July 13-16 



For a more complete calendar of U.S. software 
development events, see www.sdtimes.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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XapOptimizer 



TRY IT FREE ONLINE @ 
labs.componentone.com 



WE 



Get the richest set of controls in one great suite. 
Studio Enterprise 2009 will amaze you with 
enhanced performance and presentation. 

NEW Studio for Silverlight 

• Add style to your Ul with built-in support for the most popular 
Microsoft Silverlight Toolkit themes 

• Create graphical navigation with 3D effects using the new 
CI CoverFlow control 

• Import and export RTF files with CI RichTextBox 

• Get ahead of the pack with access to the best resources, including 
20+ samples with source code for quick learning & online forums 



NEWStudioforASP.NET 

• Experience more interaction on the client-side with new light- 
weight, high-performance controls 

• Create themed and animated apps using dozens of built-in 
styles & effects 

• Eliminate the learning curve with new CI Grid control that mimics 
the Microsoft ASP.NET Grid control with added features like row 
filtering, virtual scrolling & more 



NEW Studio for iPhone 

• Develop Web apps that look and feel like the iPhone and iPod 
touch native Uls using a wide range of unique ASP.NET control" 



ComponentOne 

Studio 





NEW 



RELEASE 



Enterprise 2 



GET STARTED TODAY • DOWNLOAD YOUR FREE TRI/ 



j 





'amazingweb 



Grids • Charting • Reporting • Scheduling • Menus and Toolbars • Ribbon • Data Input • Editor 



© 1987-2009 ComponentOne. All rights 
reserved. iPhone and iPod are trademarks of 
Apple Inc. All other product and brand names are 
trademarks and/or registered trademarks of their 
respective holders. 



WinForms WPF ASP.NET Silverlight iPhone Mobile ActiveX 
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Sales: 1 .800.858.2739 or 1 .41 2.681 .4343 



Advanced Digital Dashboards Require 
Advanced Data Visualization 
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Dund 

Data Visualization 



as 



Available for Visual Studio 2008 & SQL Server 2008 Reporting Services 

Build Custom Executive Dashboards With Data Visualization Solutions From Dundas! 

As the leader in data visualization solutions for .NET, SharePoint 2007 and SQL Server Reporting Services 2005 & 2008, Dundas offers the latest 
award-winning chart, gauge and map technologies. See why Fortune 500 companies around the globe trust Dundas to create advanced custom 
dashboard applications. 

For customers requiring additional assistance, Dundas Consulting offers unmatched expertise and experience in creating and optimizing digital 
dashboards and their supporting infrastructure. Our team of highly specialized software consultants and graphic artists can help you jump start 
your dashboard initiative, build your complete system or simply advise you on all the tasks associated with bringing a dashboard system to life. 

To see for yourself how Dundas products can improve your applications, download full evaluation copies of Dundas Chart, Gauge and Map from 
www.dundas.com/downloads . 



Dundas 
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Chart Gauge Map 



Available for: 



SharePoint 2007 



.NET 



SQL Server Reporting Services 



Microsoft 

GOLD CERTIFIED | Data Management Solutions 
Partner 



www.dundas.com 



Microsoft, SharePoint, SQL Server and Visual Studio are registered trademarks of Microsoft Corporation in the United States and/or other countries 



www.dundas.com 
info@dundas.com 
(416)467-5100 



Advanced Data Visualization for Microsoft® Technologies 



